Aggregator

A vulnerability was found in Oracle WebCenter Sites 7.6.2/11.1.1.6.0/11.1.1.6.1. It has been classified as problematic. Affected is an unknown function of the component WebCenter Sites. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2013-1509. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

天文学家本月早些时候宣布可能发现了已知第三个星际天体、第二个星际彗星 3I/ATLAS（第一个是 Oumuamua，第二个是星际彗星 2I/Borisov）。天文学家现在报告 3I/ATLAS 可能比太阳系还要古老 30 亿年，很可能是人类目前见过最古老的彗星。与之前发现的星际天体 1I/ ʻOumuamua 和 2I/Borisov 不同，3I/ATLAS 似乎不是沿着平坦的银河平面移动，而是以一条更陡峭的路径穿越银河，科学家推测它可能来自银河系的「厚盘」—那是一个分布着许多年老恒星的区域，位置在我们熟悉的银河盘面上下。研究推估，这颗彗星若是从厚盘区域的某颗古老恒星系统中诞生，那么它应该富含水冰成分。随着它逐渐靠近太阳，阳光将会加热并激发彗星表面产生活动，释放出气体与尘埃，进而形成明亮的彗发和彗尾。根据初步观测，3I/ATLAS 已经显现出活跃的征兆，甚至可能比之前那两颗星际天体的活跃程度更高。如果这些特征获得确认，将有助于我们推估未来还能从望远镜观测到类似星际天体的数量。

A vulnerability, which was classified as problematic, has been found in SonicWALL Email Security. This issue affects some unknown processing of the component Email Address Handler. The manipulation leads to information exposure through error message. The identification of this vulnerability is CVE-2023-0655. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Ulearn a5a7ca20de859051ea0470542844980a66dfc05d. This affects an unknown part. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2023-0670. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in thorsten phpmyfaq up to 3.1.11. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2023-1875. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Drupal up to 9.3.18/9.4.2. Affected by this issue is some unknown functionality of the component Form API. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2022-25278. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in QEMU on Windows. Affected by this issue is some unknown functionality of the component Guest Agent Service. The manipulation leads to execution with unnecessary privileges. This vulnerability is handled as CVE-2023-0664. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in squidex up to 7.3.x. It has been classified as problematic. This affects an unknown part. The manipulation leads to improper handling of additional special element. This vulnerability is uniquely identified as CVE-2023-0643. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in squidex up to 7.3.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2023-0642. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. [...]

本周二是今年至今最短的一天。根据 U.S. Naval Observatory and the International Earth Rotation and Reference Systems Service 的数据，周二的自转时间比标准的 24 小时短 1.34 毫秒。地球自转受到了地核运动、大气变化和月球位置等因素的影响。地球最近几年的自转都比通常更快，自转一周的时间经常短于 24 小时。未来几周或几个月可能会出现更多类似的情况。但从千万年的时间跨度上看，地球一天的时间长度并没有变短，而是在变长，比如霸王龙生活的 7000 万年前，一天的时间长度只有 23.5 小时。

A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7475. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login-back.php. The manipulation of the argument user-name leads to sql injection. This vulnerability is known as CVE-2025-7471. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Job Diary 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to sql injection. This vulnerability is handled as CVE-2025-7474. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in BoldGrid Total Upkeep Plugin up to 1.14.9 on WordPress. Affected by this issue is some unknown functionality of the file env-info.php of the component Back-Up File Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2020-36848. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Modern Events Calendar Lite Plugin up to 6.3.0 on WordPress. It has been classified as critical. Affected is the function wp_ajax_mec_load_single_page. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2021-4458. It is possible to launch the attack remotely. There is no exploit available.

文章介绍如何利用Docker构建便携、可重复且定制化的黑客实验室，解决工具依赖冲突、系统更新导致损坏及虚拟机启动慢等问题。通过容器化工具实现快速部署和跨机器使用。

文章介绍了Active Directory渗透测试的常用工具及其功能示例,包括Pypy、Kerbrute、BloodHound等,帮助防御者发现潜在漏洞,并提供了最佳实践建议以增强AD安全性。