华为 Pura X Max 卖爆了,但「阔折叠」还只赢了一半
卖得好,用户「用钱投票」,只是定义一个好产品的关键指标之一。
Aggregator
New cPanel and WHM Flaws Enable Code Execution, DoS Attacks
5 days 7 hours ago
cPanel has disclosed three critical security vulnerabilities tracked as CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 affecting its widely deployed cPanel & WHM web hosting control panel and WP Squared (WP2) platform. The flaws, patched on May 8, 2026, expose servers to arbitrary file reads, Perl code injection, and denial-of-service (DoS) attacks, making immediate patching essential for hosting […]
The post New cPanel and WHM Flaws Enable Code Execution, DoS Attacks appeared first on Cyber Security News.
Guru Baran
Apple говорит «подожди», хакеры говорят «не надо». Одна вставленная команда обошла защиту macOS
5 days 7 hours ago
Пользователи Mac годами смеялись над вирусами для Windows. ClickFix предлагает пересмотреть позицию.
Хокинг был прав, но куда девается информация? Новый математический мост между чёрными дырами и Стандартной моделью
5 days 8 hours ago
Метод «двойной копии» показал, что следы испарения черной дыры могут скрываться в обычных уравнениях Стандартной модели.
INC
5 days 8 hours ago
You must login to view this content
cohenido
INC
5 days 8 hours ago
You must login to view this content
cohenido
CVE-2022-46364
5 days 8 hours ago
Currently trending CVE - Hype Score: 2 - A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
CVE-2025-54123
5 days 8 hours ago
Currently trending CVE - Hype Score: 2 - Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at `/api/v2/hoverfly/middleware` endpoint due to insufficient validation and sanitization in user input. The ...
CVE-2023-37466
5 days 8 hours ago
Currently trending CVE - Hype Score: 4 - vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the ...
CVE-2025-6554
5 days 8 hours ago
Currently trending CVE - Hype Score: 2 - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Конец эпохи «Don’t Be Evil»: 50 млн долларов стали ценой за системный расизм в ИТ
5 days 8 hours ago
Компания пошла на условия истцов... только вот признавать вину всё еще не собирается.
CVE-2014-2141 | Cisco ONS 15454 Closed Session memory corruption (CSCug97416 / Nessus ID 73457)
5 days 9 hours ago
A vulnerability was found in Cisco ONS 15454 and classified as problematic. This affects an unknown part of the component Closed Session Handler. The manipulation results in memory corruption.
This vulnerability was named CVE-2014-2141. The attack may be performed from remote. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2014-0166 | WordPress up to 3.7.1/3.8.1 Authentication Cookies pluggable.php wp_validate_auth_cookie improper authentication (Nessus ID 73485 / ID 12914)
5 days 9 hours ago
A vulnerability classified as problematic has been found in WordPress up to 3.7.1/3.8.1. The affected element is the function wp_validate_auth_cookie of the file wp-includes/pluggable.php of the component Authentication Cookies Handler. This manipulation causes improper authentication.
This vulnerability is registered as CVE-2014-0166. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2014-0165 | WordPress up to 3.7.1/3.8.1 Plupload publish_post access control (Nessus ID 73471 / ID 12914)
5 days 9 hours ago
A vulnerability, which was classified as problematic, has been found in WordPress up to 3.7.1/3.8.1. This affects an unknown function of the component Plupload. Performing a manipulation of the argument publish_post results in improper access controls.
This vulnerability is reported as CVE-2014-0165. The attack is possible to be carried out remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2014-2126 | Cisco ASA up to 9.1 ASDM access control (cisco-sa-20140409-asa / Nessus ID 73533)
5 days 9 hours ago
A vulnerability was found in Cisco ASA up to 9.1. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component ASDM Handler. This manipulation causes improper access controls.
The identification of this vulnerability is CVE-2014-2126. It is possible to initiate the attack remotely. There is no exploit available.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
CVE-2014-2127 | Cisco ASA up to 9.1 SSL VPN input validation (cisco-sa-20140409-asa / Nessus ID 73533)
5 days 9 hours ago
A vulnerability categorized as critical has been discovered in Cisco ASA up to 9.1. Affected by this issue is some unknown functionality of the component SSL VPN Handler. Such manipulation leads to improper input validation.
This vulnerability is referenced as CVE-2014-2127. It is possible to launch the attack remotely. No exploit is available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2014-2128 | Cisco ASA up to 9.1 SSL VPN Authentication HTTP POST Request improper authentication (cisco-sa-20140409-asa / Nessus ID 73533)
5 days 9 hours ago
A vulnerability identified as critical has been detected in Cisco ASA up to 9.1. This affects an unknown part of the component SSL VPN Authentication. Performing a manipulation as part of HTTP POST Request results in improper authentication.
This vulnerability is identified as CVE-2014-2128. The attack can be initiated remotely. There is not any exploit available.
Applying a patch is the recommended action to fix this issue.
vuldb.com
CVE-2014-2129 | Cisco ASA up to 9.1 SIP HTTP POST Request input validation (cisco-sa-20140409-asa / Nessus ID 73533)
5 days 9 hours ago
A vulnerability labeled as problematic has been found in Cisco ASA up to 9.1. This vulnerability affects unknown code of the component SIP Handler. Executing a manipulation as part of HTTP POST Request can lead to improper input validation.
This vulnerability is tracked as CVE-2014-2129. The attack can be launched remotely. No exploit exists.
It is best practice to apply a patch to resolve this issue.
vuldb.com
CVE-2014-2544 | TIBCO Spotfire Server 3.3.0 memory corruption (Nessus ID 78392 / XFDB-92603)
5 days 9 hours ago
A vulnerability has been found in TIBCO Spotfire Server 3.3.0 and classified as critical. This issue affects some unknown processing. This manipulation causes memory corruption.
This vulnerability is registered as CVE-2014-2544. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2012-4921 | WordPress DVS Custom Notification plugin up to 1.0.1 cross-site request forgery (SA51531 / OSVDB-89441)
5 days 9 hours ago
A vulnerability was found in WordPress DVS Custom Notification plugin up to 1.0.1 and classified as problematic. Impacted is an unknown function. Such manipulation leads to cross-site request forgery.
This vulnerability is documented as CVE-2012-4921. The attack can be executed remotely. There is not any exploit available.
vuldb.com