Aggregator

A vulnerability, which was classified as critical, was found in Apache Solr up to 8.11.3/9.6.x. Affected is an unknown function of the component URL Path Ending. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-45216. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache Solr up to 8.11.3/9.6.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the component ConfigSets Handler. The manipulation leads to insecure default initialization of resource. This vulnerability is known as CVE-2024-45217. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

JetBrains的兑换码被泄露，用户免费领取了一年全家桶订阅。公司称该兑换码仅限于SQL Bits London 2025参会者使用，并要求用户提供参会证明，否则可能收回订阅。此前类似事件也发生过。

A vulnerability has been found in ZBar 0.23.90 and classified as critical. Affected by this vulnerability is the function lookup_sequence of the component QR Code Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2023-40890. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in Rakuten WiFi Pocket. It has been classified as critical. Affected is an unknown function of the component Management Screen. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-40282. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as problematic has been found in Artifex Ghostscript on Red Hat. This affects an unknown part of the component Incomplete Fix CVE-2020-16305. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-4042. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Google Chrome. It has been classified as problematic. Affected is an unknown function of the component CSS. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2023-4428. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in vLLM up to 0.7.x. This vulnerability affects unknown code of the component ZMQ/TCP. The manipulation leads to deserialization. This vulnerability was named CVE-2025-29783. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

一个开放的黑客社区，旨在帮助新手成长为专家。鼓励提问、回答和学习，并提供Discord链接供访问。

当前环境出现异常，需完成验证后方可继续访问。

声明：请勿利用文章内的相关技术从事非法测试，如因此产生的一切不良后果与文章作者和本公众号无关。最近内部做安全

当前环境出现异常提示，需完成验证后方可继续访问。

当前环境出现异常状态，需完成验证后才能继续访问。

当前环境异常，需完成验证后才能继续访问。

当前环境出现异常状态，需完成验证后才能继续访问。

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球

澳大利亚航空巨头Qantas于11月13日报告称，在威胁行为者入侵一个第三方客户服务平台后检测到一起网络攻击。此次事件导致约600万客户的个人信息被窃取，包括姓名、电子邮件地址、电话号码、出生日期和常旅客号码。幸运的是，信用卡和财务信息未受影响。Qantas已采取措施控制系统，并通知了相关部门。与此同时，网络安全公司警告称，“Scattered Spider”黑客组织近期开始针对航空和运输行业发动攻击。