Aggregator

作者搭建个人图书馆管理系统，使用多维表格和钉钉文档记录书籍信息。设置十个字段包括书名、ISBN、购买渠道等，并添加评分系统和视图管理功能。通过扫码录入提升效率，并解决历史数据补录问题。

A vulnerability has been found in Tiny File Manager up to 2.4.7 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-40490. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Tiny File Manager up to 2.4.7 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to session fixiation. This vulnerability is handled as CVE-2022-40916. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in DouPHP 1.8. Affected by this vulnerability is an unknown functionality of the file /admin/article.php. The manipulation of the argument description leads to cross site scripting. This vulnerability is known as CVE-2024-57599. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in TP-Link TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 and classified as critical. Affected by this issue is the function sub_4256CC. The manipulation of the argument devpwd leads to command injection. This vulnerability is handled as CVE-2024-57357. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in advplyr audiobookshelf up to 2.19.0. Affected by this issue is some unknown functionality of the file /api/items/1/cover of the component Query Parameter Handler. The manipulation leads to exposure of sensitive information through data queries. This vulnerability is handled as CVE-2025-25205. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in lunary-ai lunary up to 1.6.2. This vulnerability affects unknown code of the component POST Request Handler. The manipulation leads to improper enforcement of a single, unique action. This vulnerability was named CVE-2024-11301. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in lunary-ai lunary up to 1.6.0. It has been declared as critical. This vulnerability affects the function runId_score of the file /v1/runs/. The manipulation of the argument ID leads to improper access controls. This vulnerability was named CVE-2024-11137. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in lunary-ai lunary up to 1.4.2. Affected is an unknown function of the file /v1/templates/{id}/versions of the component HTTP Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-7476. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in trojan up to 2.15.3. Affected by this vulnerability is an unknown functionality of the file /auth/register of the component Initialization Interface. The manipulation leads to improper initialization. This vulnerability is known as CVE-2024-55215. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /extensions/realestate/index.php/agents/agent-register/addagent. The manipulation of the argument plan_id leads to cross site scripting. This vulnerability is handled as CVE-2025-2714. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4 and classified as problematic. This issue affects some unknown processing of the component Streams HTTP Wrapper. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2025-1734. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. This vulnerability was named CVE-2025-1186. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Timetable Responsive Schedule 1.5 on Joomla and classified as critical. Affected by this issue is some unknown functionality. The manipulation as part of Request leads to sql injection. This vulnerability is handled as CVE-2018-6583. The attack may be launched remotely. Furthermore, there is an exploit available.

文章介绍了错误代码521的常见原因及其对网络请求的影响，并提供了相应的解决方法。

HackerNews 编译，转载请注明出处： 哥伦比亚大学官员周二表示，一名带有“政治议程”的黑客近期入侵该校IT系统，并“针对性”窃取了学生数据。 目前尚不清楚黑客在系统内潜伏了多长时间，但哥伦比亚大学发言人称自6月24日起未再检测到威胁活动。上周，该校表示正在调查一起网络攻击事件，导致大学网站及其他系统间歇性瘫痪。 “我们的调查显示，这些黑客技术高超，在窃取文件时目标非常明确，”该校官员表示。“他们入侵系统并窃取学生数据，显然是为了推进其政治议程。” 该官员称，大学未收到勒索要求，也未发现“任何勒索软件的迹象”。 据报道，黑客向彭博社提供了1.6GB的数据，声称这些数据是从哥伦比亚大学窃取的，其中包括可追溯数十年的250万份申请信息。 彭博社审查的被盗数据据称包含申请人是否被拒或录取、国籍状态、大学ID号码以及他们申请的具体学术项目等详细信息。 尽管黑客的说法尚未得到独立核实，但彭博社将黑客提供的数据与8名2019年至2024年间申请哥伦比亚大学的申请人信息进行了比对，发现两者相符。 据报道，该威胁行为者告诉彭博社，他正在寻找证据，以证明哥伦比亚大学是否在招生中继续使用平权行动，尽管最高法院在2023年已禁止该做法。 黑客告诉彭博社，他总共窃取了460GB的数据——在花费两个月时间针对并渗透大学服务器中权限越来越高的层级后——并称他获取了有关财务援助方案、员工薪资以及至少180万份属于员工、申请人、学生及其家属的社会安全号码的信息。 彭博社未查看更大规模的数据集，且这些信息无法独立核实。 哥伦比亚大学发言人表示，在调查进行期间，他们无法证实彭博社关于数据泄露规模的报道。 黑客从“我们网络的有限部分”窃取了数据，他们说道。 官员表示，一旦意识到入侵事件，哥伦比亚大学迅速恢复了大部分系统，并补充称该校已聘请一家“黄金标准”的网络取证公司来应对此次攻击。 他们补充说，确定被盗内容可能需要数月时间。 “我们正在调查此次明显数据盗窃的范围，并将调查结果与大学社区以及个人信息遭泄露的任何人分享，”哥伦比亚大学的新闻稿称。“自6月24日以来，我们未在网络中观察到威胁行为者的活动，并将继续密切监控系统中的任何进一步非法活动。”   消息来源： therecord.media； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A11pl3Z несётся по космосу, не заметив Землю.

文章描述了错误代码521的情况，通常由Cloudflare引发，表示无法连接到源站服务器。常见原因包括服务器拒绝连接或超时。建议检查服务器状态、网络配置和防火墙设置以解决问题。

HackerNews 编译，转载请注明出处： 美国政府警告称，在美国对伊朗核设施实施打击后，伊朗可能继续发动网络攻击。 据路透社报道，亲伊朗黑客威胁将公开据称从特朗普总统身边人手中窃取的电子邮件，美国联邦当局称此举是“精心策划的抹黑行动”。 美国网络安全和基础设施安全局（CISA）周一晚间表示，这些针对特朗普的邮件威胁“不过是数字宣传”，目的是损害特朗普及其他联邦官员的形象。 CISA发言人玛西·麦卡锡在社交媒体发文称：“敌对的外国势力威胁非法利用所谓被盗且未经核实的材料，企图转移注意力、抹黑和分裂美国。这些犯罪分子将被追查并绳之以法。” 路透社报道称，他们通过在线渠道联系了这些所谓的黑客。对方声称掌握大量邮件，包括特朗普幕僚长苏西·威尔斯、其他高级顾问以及色情演员斯托米·丹尼尔斯（特朗普因向其支付“封口费”而被定罪）的通信记录。 去年，联邦检察官指控三名伊朗人入侵特朗普总统竞选团队。黑客还针对拜登和哈里斯的民主党竞选团队发动攻击，并曾试图将所谓窃取的特朗普材料泄露给民主党人和媒体记者，但未成功。 就在CISA、FBI和国家安全局发布公开警告的同一天，出现了这一新的邮件泄露威胁。三家机构警告称，尽管伊朗与以色列达成脆弱停火，但支持德黑兰的黑客组织仍可能攻击美国利益。 当局警告，这些黑客可能试图破坏或瘫痪关键基础设施，如公用事业、交通和经济枢纽，还可能针对与以色列有关联的美国国防承包商或其他企业。 公告建议采取防御措施，包括定期更新软件和使用强密码管理系统。 在美国打击伊朗核设施后，支持德黑兰的黑客曾针对美国银行、国防承包商和能源公司发动攻击，但尚未造成大规模破坏。     消息来源： securityweek ； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

谷歌将向 Pixel 6A 推送强制性软件更新，限制电池容量以避免起火爆炸风险，并删除旧版固件防止降级。用户可联系谷歌更换新电池。