Aggregator

最近在「家里云」里搞了个 Proxmox VE 8.3，打算在上面跑几个 VM 玩玩。而作为一名忠实的 Debian 系用户 我才不会告诉你我日用的 Linux 系统是搭载 GNOME 的 Fedora 的，所有的 VM 自然要用 Debian 了。借着制作自己的定制化 Debian Cloud Image 的机会，顺便写一篇文章出来和大家分享一下，并纠正、辟谣一下网上现有的有关教程的一些错误。

A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal: '../filedir'. This vulnerability was named CVE-2025-1584. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #504937 / VDB-296561

A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/search-report-details.php. The manipulation of the argument searchinput leads to sql injection. This vulnerability is uniquely identified as CVE-2025-1583. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/all-request.php. The manipulation of the argument viewid leads to sql injection. This vulnerability is handled as CVE-2025-1582. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=1. The manipulation of the argument contactname leads to sql injection. This vulnerability is known as CVE-2025-1581. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #504454 / VDB-296560

因内部反对和客户投诉，惠普终止了仅仅实施数天的让通过电话获取支持的客户强制性等待 15分钟的政策，这一做法引发了争议，惠普此举旨在将客户引导通过网站获取支持，以减少人工电话客服的成本。惠普表示将“继续优先考虑及时提供实时电话支持”。

Submit #504453 / VDB-288187

Submit #504452 / VDB-296559

Submit #504451 / VDB-296558

Submit #504450 / VDB-296557

A vulnerability was found in Aom-software Beex 3. It has been classified as problematic. This affects an unknown part of the file news.php. The manipulation of the argument navaction leads to cross site scripting. This vulnerability is uniquely identified as CVE-2009-3057. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in LinkLaunder SEO Plugin up to 0.92.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-53727. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Aaron Hodge Silver Aprils Call Posts Plugin up to 2.1.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-53730. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Script-Recipes Post Hits Counter Plugin up to 2.8.23 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-53725. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Andrea Pernici Third Party Cookie Eraser Plugin up to 1.0.2 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-53755. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Abdul Hakeem Build App Online Plugin up to 1.0.22 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-53751. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Rajeev Chauhan Load More Posts Plugin up to 1.4.0 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-53780. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in WonderCMS 3.1.3. Affected is the function installUpdateThemePluginAction of the file index.php of the component Plugin Installer. The manipulation leads to os command injection. This vulnerability is traded as CVE-2020-35314. It is possible to launch the attack remotely. Furthermore, there is an exploit available.