PSF基金会(Python)拒绝美国政府150万美元拨款 因为必须放弃DEI政策
Python 软件基金会因与美国政府财政拨款条件冲突而拒绝 150 万美元资助。该条件要求放弃 DEI(多元、平等和包容)政策,与基金会核心价值观不符。尽管面临通货膨胀和赞助减少等财务压力,基金会仍坚持使命并呼吁社区支持开源项目发展。
Aggregator
CVE-2025-12194 | Legion of the Bouncy Castle Bouncy Castle for Java FIPS API Module resource consumption (Nessus ID 271707)
3 months 2 weeks ago
A vulnerability categorized as problematic has been discovered in Legion of the Bouncy Castle Bouncy Castle for Java FIPS and Bouncy Castle for Java LTS. Impacted is an unknown function of the component API Module. The manipulation results in resource consumption.
This vulnerability is reported as CVE-2025-12194. The attack requires a local approach. No exploit exists.
vuldb.com
Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
3 months 2 weeks ago
BlueNoroff网络犯罪组织针对区块链和Web3行业高管及开发者实施SnatchCrypto行动,采用GhostCall和GhostHire两种策略:前者通过伪造Zoom会议诱骗用户下载恶意软件;后者伪装招聘人员让开发者执行恶意项目。该组织利用AI生成视频、图像,并借助GitHub、Telegram等平台分发恶意软件。其攻击链复杂且模块化设计以规避安全检测。
JVN: プラネックス製MZK-DP300Nにおけるハードコードされた認証情報の使用の脆弱性
3 months 2 weeks ago
プラネックスコミュニケーションズ株式会社が提供するMZK-DP300Nには、ハードコードされた認証情報の使用の脆弱性が存在します。
CVE-1999-0043 | ISC INN 1.4sec/1.4sec2/1.4unoff3/1.4unoff4/1.5 Metacharacter newgroup/rmgroup Control Messages privileges management (Nessus ID 10129 / ID 54002)
3 months 2 weeks ago
A vulnerability was found in ISC INN 1.4sec/1.4sec2/1.4unoff3/1.4unoff4/1.5. It has been classified as critical. This impacts an unknown function of the component Metacharacter Handler. The manipulation as part of newgroup/rmgroup Control Messages leads to improper privilege management.
This vulnerability is documented as CVE-1999-0043. The attack can be initiated remotely. There is not any exploit available. This vulnerability is historically significant due to its background and the way it was received.
Upgrading the affected component is recommended.
vuldb.com
CVE-1999-0039 | SGI IRIX up to 6.3 webdist.cgi privileges management (EDB-19299 / Nessus ID 10299)
3 months 2 weeks ago
A vulnerability labeled as critical has been found in SGI IRIX up to 6.3. This affects an unknown part of the file webdist.cgi. The manipulation results in improper privilege management.
This vulnerability is cataloged as CVE-1999-0039. The attack may be launched remotely. Furthermore, there is an exploit available.
The affected component should be upgraded.
vuldb.com
CVE-1999-0042 | University of Washington POP3/IMAP4 memory corruption (EDB-340 / Nessus ID 10125)
3 months 2 weeks ago
A vulnerability classified as critical has been found in University of Washington POP3 and IMAP4. This affects an unknown part. This manipulation causes memory corruption.
This vulnerability appears as CVE-1999-0042. The attack may be initiated remotely. In addition, an exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
研发人员请注意:你克隆的代码,可能“带毒”
3 months 2 weeks ago
近期,奇安信网络安全部和威胁情报中心观察到有多个政企客户研发人员从 Github 上下载不可信的工具或安装包,从而导致开发终端被植入窃密或挖矿软件,可能会对公司核心数据造成潜在的影响。
CVE-2023-25017 | RIFARTEK IOT Wall authorization (EUVD-2023-28996)
3 months 2 weeks ago
A vulnerability labeled as critical has been found in RIFARTEK IOT Wall. Affected by this issue is some unknown functionality. Executing manipulation can lead to incorrect authorization.
This vulnerability appears as CVE-2023-25017. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2023-25018 | RIFARTEK IOT Wall cross site scripting (EUVD-2023-28997)
3 months 2 weeks ago
A vulnerability was found in RIFARTEK IOT Wall. It has been rated as problematic. Affected by this issue is some unknown functionality. Performing manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2023-25018. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-25011 | NEC PC Settings Tool up to 10.1.26.0/11.0.22.0 Registry privilege escalation (EUVD-2023-28993)
3 months 2 weeks ago
A vulnerability was found in NEC PC Settings Tool up to 10.1.26.0/11.0.22.0. It has been rated as very critical. Affected by this vulnerability is an unknown functionality of the component Registry Handler. Performing manipulation results in privilege escalation.
This vulnerability is reported as CVE-2023-25011. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2023-25009 | Autodesk 3DS Max USD File Parser out-of-bounds write (EUVD-2023-28991)
3 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Autodesk 3DS Max. This issue affects some unknown processing of the component USD File Parser. Executing manipulation can lead to out-of-bounds write.
This vulnerability appears as CVE-2023-25009. The attack requires local access. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2023-25010 | Autodesk Maya USD File Parser information disclosure (EUVD-2023-28992)
3 months 2 weeks ago
A vulnerability labeled as problematic has been found in Autodesk Maya. Impacted is an unknown function of the component USD File Parser. Executing manipulation can lead to information disclosure.
This vulnerability is tracked as CVE-2023-25010. The attack is only possible within the local network. No exploit exists.
vuldb.com
亚马逊再次开启大规模裁员 裁员规模达到30,000名员工 部分员工坐立不安
3 months 2 weeks ago
科技巨头亚马逊宣布裁员3万人,占员工总数近9%,涉及物流、支付、游戏及AWS等多个团队。此次裁员旨在削减开支并调整疫情期间的过度招聘。员工已收到通知,在办公室内坐立不安。亚马逊正大力投资人工智能,并计划在未来几年减少员工总数以提高效率。
Sinobi
3 months 2 weeks ago
You must login to view this content
cohenido
CVE-1999-0045 | Apache HTTP Server up to 1.1 nph-test-cgi information disclosure (EDB-19536 / Nessus ID 10165)
3 months 2 weeks ago
A vulnerability was found in Apache HTTP Server up to 1.1. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file nph-test-cgi. This manipulation causes information disclosure.
This vulnerability appears as CVE-1999-0045. The attack may be initiated remotely. In addition, an exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-1999-0047 | Berkeley Sendmail 8.8.3/8.8.4 MIME memory corruption (Nessus ID 10055 / ID 74057)
3 months 2 weeks ago
A vulnerability classified as critical has been found in Berkeley Sendmail 8.8.3/8.8.4. The impacted element is an unknown function of the component MIME Handler. Performing manipulation results in memory corruption.
This vulnerability is known as CVE-1999-0047. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-1999-0048 | IBM AIX 3.1/4.1/4.2 Talkd DNS Information privileges management (Nessus ID 10168 / ID 38400)
3 months 2 weeks ago
A vulnerability marked as critical has been reported in IBM AIX 3.1/4.1/4.2. Impacted is an unknown function of the component Talkd. This manipulation as part of DNS Information causes improper privilege management.
This vulnerability appears as CVE-1999-0048. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks
3 months 2 weeks ago
The Apache Software Foundation has highlighted critical flaws in Apache Tomcat, a widely used open-source Java servlet container that powers numerous web applications. On October 27, 2025, Apache disclosed two vulnerabilities, CVE-2025-55752 and CVE-2025-55754, affecting multiple versions of Tomcat. While the first poses a risk of remote code execution (RCE) under specific configurations, the second […]
The post Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks appeared first on Cyber Security News.
Guru Baran
近7.6万台WatchGuard Firebox安全设备存在漏洞 面临高危远程代码执行风险
3 months 2 weeks ago
目前尚未有报告显示CVE-2025-9242漏洞已被攻击者活跃利用,但官方强烈建议尚未安装安全更新的管理员,尽快为设备部署补丁。