Aggregator

error code: 1106

A vulnerability has been found in LiteSpeed Cache Plugin up to 6.4.1 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9169. The attack can be initiated remotely. There is no exploit available.

根据发表在《British Journal of Ophthalmology》期刊上的一项研究，全球三分之一儿童近视。研究人员分析了涉及 50 个国家愈 500 万儿童和青少年的研究，结果显示近视率在 1990-2023 年间增加了两倍——达到了 36%。近视与遗传，以及长时间处于室内，上学时间太早相关。亚洲的近视率最高，日本 85% 的儿童和韩国 73% 的儿童近视，中国和俄罗斯愈 40% 的儿童近视。巴拉圭和乌干达近视水平最低，近视率约为 1%。英国、爱尔兰和美国都在 15% 左右。女孩和年轻女性的近视率可能高于男孩和年轻男性，原因是随着年龄的增长，她们进行户外活动的时间较短。眼科专家建议，为减少近视儿童每天应至少在户外活动两小时。

A vulnerability, which was classified as problematic, was found in ElementsKit Elementor Addons Plugin up to 3.2.7 on WordPress. This affects an unknown part of the component Video Widget. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8546. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Livemesh Elementor Addons Plugin up to 8.5 on WordPress. Affected by this issue is the function piechart_settings of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-8858. The attack may be launched remotely. There is no exploit available.

OSRC活动即将开启

A vulnerability classified as problematic was found in WP ULike Plugin up to 4.7.3 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-7878. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Vmware Spring Framework up to 5.3.37/6.0.22/6.1.11. Affected is an unknown function of the component Conditional HTTP Request Handler. The manipulation of the argument ETags leads to denial of service. This vulnerability is traded as CVE-2024-38809. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache Hadoop up to 3.3.x. It has been rated as problematic. This issue affects the function runJar.run. The manipulation leads to creation of temporary file in directory with insecure permissions. The identification of this vulnerability is CVE-2024-23454. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in adstxt Plugin up to 1.0.0 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-7892. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Chatbot with ChatGPT Plugin up to 2.4.5 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component REST Endpoint. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2024-6845. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Thecosy IceCMS up to 3.4.7 and classified as problematic. Affected by this issue is some unknown functionality of the component JWT. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is handled as CVE-2024-46612. The attack may be launched remotely. There is no exploit available.

Missed the Cloud Security Alliance Startup Pitchapalooza? Watch the Recording Now!Earlier this yea

A vulnerability has been found in Concrete CMS up to 8.5.18/9.3.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Image Editor Background Color. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-8291. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Статья рассматривает изменения в Nuclei за последний год и личный опыт взаимодействия с инструментом. Обсудим такие крупные обновления в Nuclei, как кодовая вставка, использование javascript в шаблонах, управление запросами через flow, внедрение подписи шаблонов и пр. Также рассмотрим возможные клиентские атаки на Nuclei, которые стали доступны благодаря этим нововведениям.

A vulnerability was found in Paul Alexander Campaign 4.5.8. It has been classified as critical. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7000. The attack needs to be done within the local network. There is no exploit available.