Aggregator

A vulnerability classified as critical was found in Apple tvOS up to 11.4.1. This vulnerability affects unknown code. The manipulation leads to use after free. This vulnerability was named CVE-2018-4306. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

“AI Agent可能是下一个机器人行业，蕴含着价值数万亿美元的机会。”在刚刚结束的CES 202 […]

黄仁勋眼中的万亿美元机会，AI Agent也是网络安全的下一个关注点 日期：2025年01月09日 阅：73

新闻速览 •CISA发布自愿网络安全绩效目标，提升软件安全性 •Telegram交出数千个用户数据，隐私政策转 […]

Telegram交出数千个用户数据，隐私政策转变引发关注；美国启动网络信任标识计划，提升设备安全性 | 牛览 日期：2025年01月09日

你可能错过的新鲜事Apple 公布新春贺岁片预告1 月 8 日，Apple 公司公布了 2025 年的新春贺岁片的预热短片及海报。影片主题为《想和你一起听听歌》，由歌舞片导演迈克尔·格雷西执导，讲

A vulnerability, which was classified as problematic, has been found in wpdevteam Essential Addons for Elementor Plugin up to 5.9.9 on WordPress. This issue affects some unknown processing of the component Event Calendar Widget. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-1536. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in wpdevteam Essential Addons for Elementor Plugin up to 5.9.9 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Data Table Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1537. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Zitadel up to 2.47.3. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-28855. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OctoPrint up to 1.9.3/1.10.0rc2 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-28237. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Xbox Gaming Services and classified as critical. This issue affects some unknown processing. The manipulation leads to link following. The identification of this vulnerability is CVE-2024-28916. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zitadel up to 2.48.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login UI. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2024-29892. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Meta 取消第三方事实核查当地时间 1 月 7 日，美国社交媒体平台 Facebook 和 Instagram 的母公司 Meta 宣布，将终止其第三方事实核查计划。这一转变正值 Meta CEO

曝谷歌正招兵买马组建世界模型团队；陈震开 FSD 撞护栏，评价不如小鹏和华为；黄仁勋称量子计算机可能需要 20 年实现。

A vulnerability, which was classified as problematic, has been found in Symantec Mail Security for Microsoft Exchange up to 6.5.8/7.0.4/7.5.4. This issue affects some unknown processing of the component RAR Decompression. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2016-5310. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

此文所提供的信息只为网络安全人员对自己所负责的网站、服务器等进行检测或维护参考，未经授权请勿利用文章中的技术资料对任何计算机系统进行入侵操作。利用此文所提供的信息而造成的直接或间接后果和损失，均由使用

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球对于轻量级阅读支持的不足，为用户读者提供更佳的阅读体验。如果您对阅读体验的需求比较高，那么