Aggregator

OpenBlow whistleblowing软件缺少关键HTTP安全头（如CSP、Referrer-Policy等），导致XSS、点击劫持等风险。CVSS评分8.2（高危）。

A vulnerability has been found in tcpdf up to 6.2.21 and classified as critical. This vulnerability affects unknown code of the component phar:/ Wrapper. The manipulation leads to deserialization. This vulnerability was named CVE-2018-17057. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

因环境异常需完成验证后方可继续访问。

当前环境出现异常，需完成验证后方可继续访问。

当前环境异常导致无法正常访问，需完成验证后方可继续使用服务。

A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/update_account.php. The manipulation of the argument musername leads to sql injection. The identification of this vulnerability is CVE-2025-7511. The attack may be initiated remotely. Furthermore, there is an exploit available.

当前环境异常，请完成验证以继续访问。

在 AI 霸权之战上，钱成了最不值钱的东西。

文章介绍如何通过调整 Windows 11 的设备设置区域为欧盟地区，并禁用 UCPD 驱动程序，模拟欧盟用户环境以获得更多数字选择权。具体操作包括删除或禁用 UCPD 驱动，并使用工具更改设备区域设置。完成后可自由更换默认浏览器和搜索引擎等系统功能。

A vulnerability classified as critical was found in Oracle Agile Product Lifecycle Management for Process 6.2.0.0/6.2.1.0/6.2.2.0/6.2.3.0. This vulnerability affects unknown code of the component jQuery. The manipulation leads to cross site scripting. This vulnerability was named CVE-2019-11358. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in FreeWebStat 1.0 Rev37 and classified as problematic. This vulnerability affects unknown code of the file pixel.php. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2005-3959. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

文章讨论了Qantas数据泄露事件及其对第三方服务的影响，并提及英国NCA逮捕参与零售业攻击的嫌疑人。作者个人资料受影响，并欢迎Push Security加入安全项目。

A vulnerability classified as critical was found in Trend Micro Interscan Viruswall up to 3.51. This vulnerability affects unknown code of the component E-Mail Header Handler. The manipulation leads to improper privilege management. This vulnerability was named CVE-2002-0637. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Phponlinedatingsoftware MyPHPDating 1.0. This issue affects some unknown processing of the file page.php. The manipulation of the argument page_id leads to sql injection. The identification of this vulnerability is CVE-2009-2436. The attack may be initiated remotely. Furthermore, there is an exploit available.

Currently trending CVE - Hype Score: 4 - An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.