Aggregator

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞310个，其中高危漏洞133个、中危漏洞170个、低危漏洞7个。

Het is vandaag 3 jaar geleden dat de grootschalige Russische aanvalsoorlog tegen Oekraïne begon. Defensie heeft daarom de Oekraïense vlag gehesen op het ministerie in Den Haag. Het geel-blauwe doek hangt ook op andere overheidsgebouwen. Zo laat Nederland zien dat het achter Oekraïne staat. En het door oorlog geteisterde land volop blijft steunen.  

Миллионы жертв слежки получили шанс узнать своих преследователей.

2025年2月20日，哈萨克斯坦国家安全委员会前主席阿尔努尔·阿尔贾帕鲁利·穆萨耶夫在其脸书，发帖称“特朗普”是前苏联情报机构克格勃招募的间谍。

所有来稿必须为原创，且从未在任何平台公开发表过。一经来稿，即表明来稿者具有完整的版权，责任自负，并确认已将作品的编辑发布权交于“遥瞰天下”微信公众号和“丁爸 情报分析师工具箱”微信公众号。

Currently trending CVE - Hype Score: 1 - solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX ...

Currently trending CVE - Hype Score: 1 - An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with ...

Currently trending CVE - Hype Score: 1 - A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distribution Tax Election System Version v2.0 allows attackers to execute arbitrary code via a crafted input.

Currently trending CVE - Hype Score: 1 - dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's `.replace()` opens up to potential Cross-site Scripting (XSS) vulnerabilities with the special replacement patterns beginning with `$`. Particularly, when the ...

Currently trending CVE - Hype Score: 2 - Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

Currently trending CVE - Hype Score: 1 - Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 3 - Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs ...

Currently trending CVE - Hype Score: 1 - A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are ...

直指欧洲

直指欧洲

Leaked Black Basta chat logs reveal internal conflicts, exposing member details and hacking tools as the gang reportedly falls apart. An unknown actor, named ExploitWhispers, leaked Matrix chat logs of the Black Basta ransomware gang revealing internal conflicts, and exposing member details and hacking tools as the gang reportedly collapses. ExploitWhispers first uploaded the chat […]