Aggregator

8月15日中午12点 准时开赛

看雪论坛作者ID：青衫不负雪

上周关注度较高的产品安全漏洞(20250804-20250810)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞375个，其中高危漏洞198个、中危漏洞151个、低危漏洞26个。

ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows versions of its command line tools, UnRAR.dll, or the portable UnRAR source code, update right away to the latest release. According to ESET telemetry, malicious archives were used in spearphishing campaigns between July 18 to July 21, 2025, targeting financial, manufacturing, defense, and logistics companies in … More →

The post WinRAR zero-day exploited by RomCom hackers in targeted attacks appeared first on Help Net Security.

A vulnerability was found in 2100 Technology Official Document Management System 5.0.89.0/5.0.89.1/5.0.89.2. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to authentication bypass by spoofing. This vulnerability is handled as CVE-2025-8853. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in code-projects eBlog Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-8859. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #628112 / VDB-319399

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise. [...]

声明：文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由用户承担全部

2025年8月11日，深瞳漏洞实验室监测到一则WinRAR组件存在目录遍历漏洞的信息，漏洞编号：CVE-2025-8088，漏洞威胁等级：高危。

美国防部AIxCC决赛提晓最佳漏洞识别和修复AI模型

平均每人可领取约35.5万元

澳大利亚海洋科学研究所(AIMS)报告，大堡礁珊瑚白化事件创下纪录。大堡礁（Great Barrier Reef）是世界最大最长的珊瑚礁群，绵延 2,300 公里。珊瑚白化现象是珊瑚礁所表现出来的病理特征，造成珊瑚白化的原因有很多，最主要是全球暖化导致海水温度过高。如果珊瑚经历超过其热极限 1 摄氏度的水温，它们可能会在两个月内死亡。如果水温高出 2 摄氏度，它们会在一个月内死亡。AIMS 在 2024 年 8 月至 2025 年 5 月期间对 124 个珊瑚礁的健康状况进行了调查。报告显示，大堡礁三个地区中有两个发生珊瑚数量最大幅度的下降。北部和南部地区受影响最严重，珊瑚覆盖下降四分之一至三分之一。

DeepSeek辅助即梦AI视频生成

С 2026 года Минцифры ужесточит контроль за спутниковым 5G.

Currently trending CVE - Hype Score: 1 - NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.

Currently trending CVE - Hype Score: 1 - NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data ...

Currently trending CVE - Hype Score: 11 - NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information ...

Eight European countries have yet to transpose NIS2 into law, exposing them to regulatory action