Aggregator

A vulnerability, which was classified as critical, has been found in Discourse up to stable 3.3.1. This issue affects some unknown processing of the component Setting Handler. The manipulation of the argument DISCOURSE_DISABLE_ANON_CACHE leads to origin validation error. The identification of this vulnerability is CVE-2025-23023. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Discourse up to beta 3.4.0.beta3/stable 3.3.3/tests-passed 3.4.0.beta3. This vulnerability affects unknown code of the component Video Placeholder. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-22602. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Discourse up to beta 3.4.0.beta3/tests-passed 3.4.0.beta3. This affects an unknown part of the component Link Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-22601. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Discourse up to beta 3.4.0.beta3/stable 3.3.3/tests-passed 3.4.0.beta3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Onebox Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-56328. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Discourse up to beta 3.4.0.beta4/stable 3.3.3/tests-passed 3.4.0.beta4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Metadata Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-56197. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Discourse up to beta 3.4.0.beta3/stable 3.3.2/tests-passed 3.4.0.beta3. It has been classified as problematic. Affected is an unknown function of the component Setting Handler. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2024-53851. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in OpenText Content Management Extended ECM up to 24.4 and classified as critical. This issue affects some unknown processing of the component WebReports Module. The manipulation leads to improper validation of specified type of input. The identification of this vulnerability is CVE-2024-8125. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in IBM Security Verify Access Appliance and Security Verify Access Container up to 10.0.8 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-40700. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM Security Verify Access Appliance and Security Verify Access Container up to 10.0.8. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-35138. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM Security Verify Access Appliance and Security Verify Access Container up to 10.0.8. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through error message. This vulnerability is handled as CVE-2024-45658. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in IBM Security Verify Access Appliance and Security Verify Access Container up to 10.0.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is known as CVE-2024-43187. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Checkmk NagVis up to 1.9.41/2.3.0p9. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-13723. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

既然网络有被攻击的风险，很多人就希望本地化部署DeepSeek，部署完成后就可以避免安全问题发生了吗?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new set of guidelines to fortify firewalls, routers, internet-facing servers, and other edge devices against cyber threats. This collaborative guidance, supported by leading international cybersecurity organizations, aims to address vulnerabilities in hardware that form the backbone of critical infrastructure and operational networks worldwide. Edge devices—like […]

The post CISA Releases New Guidelines to Secure Firewalls, Routers, and Internet-Facing Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data. OpenNHP offers the following benefits: Reduces attack surface by hiding infrastructure Prevents unauthorized network reconnaissance Mitigates vulnerability exploitation Stops phishing via encrypted DNS Protects against DDoS attacks Enables fine-grained access control Provides identity-based connection tracking Attack attribution “The OpenNHP proposed a cost-effective way to solve the vulnerability problem. The common way to mitigate vulnerabilities is … More →

The post OpenNHP: Cryptography-driven zero trust protocol appeared first on Help Net Security.

国家市场监管总局在一句话声明中宣布对谷歌发起反垄断调查：“因谷歌公司涉嫌违反《中华人民共和国反垄断法》，市场监管总局依法对谷歌公司开展立案调查。”谷歌在中国的业务主要剩下广告，但其广告收入相比百度等公司微乎其微，暂时不清楚谷歌涉嫌垄断的是哪项业务。

SparkCat恶意活动概述 2024年底，卡巴斯基的专家发现了一场名为SparkCat的恶意活动，该活动通过传播恶意软件来针对加密货币钱包。早在2023年3月，ESET就发现了一些经过修改的即时通讯应用版本中嵌入了恶意软件，这些软件利用光学字符识别（OCR）技术扫描受害者设备中的图片，寻找恢复加密货币钱包访问权限的短语。 卡巴斯基在2024年底发现的SparkCat活动采用了类似的策略，但这