Aggregator

A vulnerability was found in XpressEngine XE3. It has been rated as critical. This issue affects some unknown processing of the component Image File Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2021-26642. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in rancher wrangler and classified as problematic. This vulnerability affects unknown code of the component Git Credentials Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2022-43756. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in visualexpert Plugin up to 1.3 on Jenkins. It has been rated as critical. Affected by this issue is some unknown functionality of the component Controller File System Handler. The manipulation leads to permission issues. This vulnerability is handled as CVE-2023-24455. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in pyload up to 0.5.0b3.dev42 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2023-0509. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Rancher. This vulnerability affects unknown code of the component cattle-token Handler. The manipulation leads to insufficiently random values. This vulnerability was named CVE-2022-43755. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

13 岁少年成微软最年轻安全研究员

快来参与活动～京东59元包邮，欢迎下单！

看雪论坛作者ID：yirucandy

Europol shuts down Archetyp Market, longest-running dark web drug site, the police arrested the admin in Spain, top vendors hit in Sweden. An international law enforcement operation led by German authorities has shut down Archetyp Market, the longest-running dark web drug marketplace, in a coordinated operation across six countries with support from Europol and Eurojust. […]

天文学家最近发现一颗名为 HIP 67522b 的系外行星，跟它的母恒星 HIP 67522 的互动关系非常不寻常。这颗行星靠母星非常近，导致恒星表面频繁发生激烈的耀斑，也让行星的大气层持续受热膨胀。HIP 67522 是一颗年轻的 G 型恒星，位于半人马座，距离地球约 417 光年，年龄大约只有 1,700 万年。这颗恒星拥有两颗行星，其中 HIP 67522b 是一颗「热木星」——体积接近木星，由于公转轨道非常靠近母星，绕转一圈只需 7 天的时间。研究团队发现，这颗行星似乎能与母恒星的磁场产生某种奇特的连结，进而引发恒星表面出现剧烈的耀斑活动。这些耀斑朝向行星爆发时，又把大量能量「反馈」到行星身上，使它的大气层像吹气球一样不断膨胀。长期下来，行星的大气可能会被严重剥离，甚至从一颗巨大的热木星，缩小成像「热海王星」或「亚海王星」那样的体积。这类母星与行星之间的强烈互动，早就在理论上被预测过，但直到现在才首次被实际观测到。

华云安、无糖信息、亿格云获融资，行业各厂商聚焦AI平台化与前沿技术。

一图读懂《2025年护航新型工业化网络安全专项行动方案》

近日，中央网信办发布通知，决定在全国范围内启动为期两个月的“清朗·优化营商网络环境——整治涉企网络‘黑嘴’”专项行动，重点整治恶意抹黑诋毁攻击企业、对企业进行敲诈勒索、恶意营销炒作、泄密侵权等四类突出...

目前，网络安全防护已不再局限于技术层面，而是扩展到了战略等多个维度。这对网络安全工程师的能力提出了更高要求，究竟需要具备哪些复合型能力才能胜任行业需求？这一问题的答案既反映了产业实践的现实困境，也凸显了构建新型能力框架的必要性与紧迫性。

为深入学习贯彻习近平总书记关于新型工业化的重要论述，全面贯彻落实中央经济工作会议精神和全国新型工业化推进大会部署，扎实推进2025年护航新型工业化网络安全专项行动，工业和信息化部印发《2025年护航新型工业化网络安全专项行动方案》。

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 8058c88ac0df21239daee54b5934d5c80ca9685f. Affected is the function nf_set_pipapo_avx2 of the component netfilter. The manipulation leads to memory leak. This vulnerability is traded as CVE-2025-38120. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.15.2. This issue affects some unknown processing. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-38130. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.15.2. This affects the function mgmt_hci_cmd_sync of the component Bluetooth. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-38128. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.15.2. This vulnerability affects the function in_hw_restart of the component wifi. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-38121. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.141/6.6.93/6.12.33/6.15.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Stmmac Platform Driver. The manipulation of the argument clk_ptp_rate leads to divide by zero. This vulnerability is handled as CVE-2025-38126. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.