Aggregator

从零开始学习浏览器漏洞利用，掌握oob技术、JIT编译原理

这些漏洞涉及macOS的JavaScriptCore和WebKit组件，可能允许攻击者通过恶意网页内容执行任意代码或发起跨站脚本攻击

看雪论坛作者ID：Bogger

短视频在过去数年内成为主流的内容创作和信息分发渠道之一， 字节跳动提供独特的视频播放体验，吸引了全球数十亿用户， 一项重要的贡献因素是其先进的个性化视频技术。 本文将揭示个性化视频技术主要概念和部分方法， 希望对整个行业有所启发。

A vulnerability was found in Red Hat Ansible Automation Platform 2.5. It has been classified as critical. This affects an unknown part of the component OAuth2 Token Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-11483. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

The U.S. Government Accountability Office (GAO) on Tuesday published a report recommending that Con

A vulnerability was found in M-Files Server up to 23.8 SR6/24.2 SR2/24.8/24.10 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to files or directories accessible. This vulnerability is handled as CVE-2024-10126. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possible

A vulnerability has been found in Zyxel P-6101C P-6101CSA6AP_20140331 and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTTP HEAD Handler. The manipulation leads to improper authentication. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2024-11494. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in M-Files Aino up to 24.9. Affected is an unknown function. The manipulation leads to incorrect calculation. This vulnerability is traded as CVE-2024-11176. It is possible to launch the attack remotely. There is no exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves. It is recommended to upgrade the affected component.

悬镜供应链安全情报中心连续捕获多起针对Windows NPM的木马投毒事件，涉及9个恶意组件包，34个不同版本，属于同一攻击者所为。

11月26日，作者大咖深度对话，直播现场福利不停~

A vulnerability, which was classified as very critical, has been found in M-Files Server up to 24.10. This issue affects some unknown processing of the component OpenLDAP Authentication Handler. The manipulation leads to incorrect implementation of authentication algorithm. The identification of this vulnerability is CVE-2024-10127. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

16家？

为数据保护制定适用于所有联邦机构的统一指导方针或法规

A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.3.18. This issue affects some unknown processing of the component Article Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-50655. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Elfsight Telegram Chat CC Plugin up to 1.1.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-10390. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Django CMS up to 3.11.7/3.11.8/4.1.2/4.1.3. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11319. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Cisco Webex Teams. This affects an unknown part of the component Web-based Interface. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2020-26067. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco Catalyst SD-WAN Manager. This vulnerability affects unknown code of the component Web UI. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2020-26066. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.