Aggregator

A vulnerability was found in Nozomi Q-Free MaxTime up to 2.11.0 and classified as problematic. Affected by this issue is the function setActive of the file maxtime/api/database/database.lua. The manipulation leads to path traversal: '.../...//'. This vulnerability is handled as CVE-2025-26356. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Nozomi Q-Free MaxTime up to 2.11.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file maxtime/api/database/database.lua of the component HTTP Handler. The manipulation leads to path traversal: '.../...//'. This vulnerability is known as CVE-2025-26355. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Nozomi Q-Free MaxTime up to 2.11.0. Affected is an unknown function of the file maxtime/api/database/database.lua of the component HTTP Handler. The manipulation leads to path traversal: '.../...//'. This vulnerability is traded as CVE-2025-26354. It is possible to launch the attack remotely. There is no exploit available.

上海复旦大学的四名研究人员在预印本平台 arXiv 上发表论文称，AI 大模型能复制自己。研究人员利用了 Meta 的 Llama31-70B-Instruct 和阿里巴巴的 Qwen2.5-72B-Instruct，探索了两种情景：避免关闭（shutdown avoidance）和复制链（chain of replication），赋予大模型工具、系统提示和一个思维模型，允许大模型与系统进行交互，然后要求大模型进行自我克隆。研究人员称，大多数情况下，AI 系统首先探索环境，尝试理解其组成和运行机制。它接着制定出程序作为实现自我复制的初步计划。它最后执行程序，解决可能的障碍，动态调整其计划直至成功。整个过程需要很长的时间，但不需要人工干预。当 AI 试图解决文件丢失或软件冲突等问题时，通常会终止冲突进程，重启系统以修复硬件错误或自动扫描系统以寻找解决问题的信息。研究人员称，结果表明目前的 AI 系统已表现出自我复制的能力，可以利用该能力进一步增强其生存能力。

A vulnerability, which was classified as problematic, has been found in Nozomi Q-Free MaxTime up to 2.11.0. This issue affects some unknown processing of the file maxtime/api/sql/sql.lua of the component HTTP Handler. The manipulation leads to path traversal: '.../...//'. The identification of this vulnerability is CVE-2025-26353. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Nozomi Q-Free MaxTime up to 2.11.0. This affects an unknown part of the component HTTP Handler. The manipulation leads to observable response discrepancy. This vulnerability is uniquely identified as CVE-2025-1101. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Nozomi Q-Free MaxTime up to 2.11.0. This vulnerability affects unknown code of the component HTTP Handler. The manipulation leads to path traversal: '.../...//'. This vulnerability was named CVE-2025-26352. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Nozomi Q-Free MaxTime up to 2.11.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component HTTP Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-26350. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Nozomi Q-Free MaxTime up to 2.11.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Handler. The manipulation leads to relative path traversal. This vulnerability is known as CVE-2025-26349. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Nozomi Q-Free MaxTime up to 2.11.0. It has been classified as critical. Affected is an unknown function of the component SSH. The manipulation leads to use of hard-coded password. This vulnerability is traded as CVE-2025-1100. It is possible to launch the attack remotely. There is no exploit available.

By Josselin Feist Writing smart contracts requires a higher level of security assurance than most other fields of software engineering. The industry has evolved from simple ERC20 tokens to complex, multi-component DeFi systems that leverage domain-specific algorithms and handle significant monetary value. This evolution has unlocked immense potential but has also introduced an escalating number […]

The post The call for invariant-driven development appeared first on Security Boulevard.

A vulnerability was found in Nozomi Q-Free MaxTime up to 2.11.0 and classified as very critical. This issue affects some unknown processing of the file maxprofile/menu/routes.lua of the component HTTP Handler. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2025-26345. The attack may be initiated remotely. There is no exploit available.

Massive IoT data breach exposed 2.7 billion records including Wi-Fi credentials

A vulnerability has been found in Nozomi Q-Free MaxTime up to 2.11.0 and classified as critical. This vulnerability affects the function editUserMenu of the file maxprofile/menu/model.lua. The manipulation leads to sql injection. This vulnerability was named CVE-2025-26348. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as very critical, was found in Nozomi Q-Free MaxTime up to 2.11.0. This affects an unknown part of the file maxprofile/menu/routes.lua of the component HTTP Handler. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-26347. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Nozomi Q-Free MaxTime up to 2.11.0. Affected by this vulnerability is the function editUserGroupMenu of the file maxprofile/menu/model.lua. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-26346. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in Nozomi Q-Free MaxTime up to 2.11.0. Affected by this issue is some unknown functionality of the file maxprofile/accounts/routes.lua of the component HTTP Handler. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-26342. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as very critical has been found in Nozomi Q-Free MaxTime up to 2.11.0. Affected is an unknown function of the file maxprofile/guest-mode/routes.lua of the component HTTP Handler. The manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-26344. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in HCL Connections Docs 2.0.2. It has been rated as problematic. This issue affects some unknown processing of the component Request Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-23563. The attack may be initiated remotely. There is no exploit available.