Aggregator

Открытый бой без масок: кто из LLM оказался ближе к настоящему учёному?

货盘交易模式旨在帮助商家省去海外仓备货成本，通过直接对接海外现成货盘实现一件代发。然而部分货盘中介专门收购清仓货物，利用新入驻商家的经验盲区，将此类商品转手倒卖以赚取差价。如今，货盘交易欺诈已形成一条专业的黑灰产产业链...

当前环境出现异常状态，需完成验证后才能继续访问相关内容或功能。

A vulnerability classified as critical was found in Essential Real Estate Plugin up to 5.2.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to file inclusion. This vulnerability was named CVE-2025-48126. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in HPE StoreOnce Software up to 4.3.10. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-37089. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in HPE StoreOnce Software up to 4.3.10. This affects an unknown part. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-37091. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HPE StoreOnce Software up to 4.3.10. It has been classified as critical. This affects an unknown part. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-37096. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in shaonsina Sina Extension for Elementor Plugin up to 3.6.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-49262. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in codepeople Calculated Fields Form Plugin up to 5.3.58 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-49291. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in CloudClassroom PHP Project. It has been classified as problematic. This affects an unknown part of the file askquery.php. The manipulation of the argument eid leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-46178. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2025-5877. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in OWASP ModSecurity up to 2.9.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sanitiseArg/sanitizeArg leads to excessive platform resource consumption within a loop. This vulnerability is known as CVE-2025-48866. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HPE StoreOnce Software up to 4.3.10 and classified as critical. This issue affects some unknown processing. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-37090. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in HPE StoreOnce Software up to 4.3.10. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2025-37095. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. This vulnerability is handled as CVE-2025-5439. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. This vulnerability is uniquely identified as CVE-2025-5440. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4. This affects the function check_has_header. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-1736. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4 and classified as problematic. This vulnerability affects unknown code of the component HTTP Wrapper Truncate Handler. The manipulation leads to open redirect. This vulnerability was named CVE-2025-1861. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in rust-ethereum Ethereum up to 0.17.x and classified as problematic. This issue affects some unknown processing. The manipulation leads to improper check for unusual conditions. The identification of this vulnerability is CVE-2025-53359. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cinnamon kotaemon up to 0.10.6 and classified as critical. This vulnerability affects the function index_fn of the file libs/ktem/ktem/index/file/ui.py. The manipulation leads to path traversal. This vulnerability was named CVE-2025-53358. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.