Aggregator
PowerSchool hacker sentenced to 4 years in prison
8 months 2 weeks ago
Matthew Lane, who demanded a ransom of $2.9 million from PowerSchool in exchange for not leaking personal data belonging to more than 70 million people, also was ordered to pay about $14 million in restitution and a $25,000 fine.
Malicious cryptocurrency-stealing VSCode extensions reappear on OpenVSX
8 months 2 weeks ago
安全客
U.S. Identity Data Sold on a Popular Forum; Fullz, SSN, DL, EIN, More
8 months 2 weeks ago
Dark Web Informer
CVE-2024-31450 | Owncast up to 0.1.2 Administrator API /api/admin path traversal (GHSL-2023-277)
8 months 2 weeks ago
A vulnerability was found in Owncast up to 0.1.2. It has been classified as critical. Impacted is an unknown function of the file /api/admin of the component Administrator API. Performing manipulation results in path traversal.
This vulnerability is identified as CVE-2024-31450. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2023-48184 | QuickJS Garbage Collection quickjs.h JS_FreeValueRT use after free (Issue 198 / 7414e5f)
8 months 2 weeks ago
A vulnerability was found in QuickJS. It has been declared as problematic. Affected by this vulnerability is the function JS_FreeValueRT of the file quickjs.h of the component Garbage Collection Handler. Executing manipulation can lead to use after free.
This vulnerability appears as CVE-2023-48184. The attacker needs to be present on the local network. There is no available exploit.
A patch should be applied to remediate this issue.
vuldb.com
CVE-2023-45196 | Adminer/AdminerEvo up to 4.8.3 HTTP Redirect resource consumption
8 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Adminer and AdminerEvo up to 4.8.3. Impacted is an unknown function of the component HTTP Redirect Handler. Performing manipulation results in resource consumption.
This vulnerability is identified as CVE-2023-45196. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2023-45195 | Adminer/AdminerEvo up to 4.8.3 Database Connection Field server-side request forgery
8 months 2 weeks ago
A vulnerability was found in Adminer and AdminerEvo up to 4.8.3 and classified as critical. This affects an unknown function of the component Database Connection Field Handler. The manipulation results in server-side request forgery.
This vulnerability is cataloged as CVE-2023-45195. The attack may be launched remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2024-28219 | python-pillow up to 10.2.x _imagingcms.c buffer overflow (DLA 3786-1 / EUVD-2024-1085)
8 months 2 weeks ago
A vulnerability labeled as critical has been found in python-pillow up to 10.2.x. This vulnerability affects unknown code of the file _imagingcms.c. The manipulation results in buffer overflow.
This vulnerability is cataloged as CVE-2024-28219. The attack must originate from the local network. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2025-10303 | Library Management System Plugin up to 3.1 on WordPress Setting owt7_library_management_ajax_handler authorization (EUVD-2025-34549)
8 months 2 weeks ago
A vulnerability was found in Library Management System Plugin up to 3.1 on WordPress. It has been rated as problematic. The affected element is the function owt7_library_management_ajax_handler of the component Setting Handler. Performing manipulation results in missing authorization.
This vulnerability is reported as CVE-2025-10303. The attack can be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-10312 | Theme Importer Plugin up to 1.0 on WordPress theme-importer.php cross-site request forgery (EUVD-2025-34550)
8 months 2 weeks ago
A vulnerability categorized as problematic has been discovered in Theme Importer Plugin up to 1.0 on WordPress. This issue affects some unknown processing of the file theme-importer.php. Such manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2025-10312. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-10300 | TopBar Plugin up to 1.0.0 on WordPress Setting fme_nb_topbar_save_settings cross-site request forgery (EUVD-2025-34551)
8 months 2 weeks ago
A vulnerability classified as problematic has been found in TopBar Plugin up to 1.0.0 on WordPress. Affected by this issue is the function fme_nb_topbar_save_settings of the component Setting Handler. Performing manipulation results in cross-site request forgery.
This vulnerability was named CVE-2025-10300. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-11722 | Woocommerce Category and Products Accordion Panel Plugin Shortcode categoryaccordionpanel file inclusion (EUVD-2025-34556)
8 months 2 weeks ago
A vulnerability identified as critical has been detected in Woocommerce Category and Products Accordion Panel Plugin up to 1.0 on WordPress. This affects the function categoryaccordionpanel of the component Shortcode Handler. This manipulation causes file inclusion.
This vulnerability is handled as CVE-2025-11722. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-10743 | Outdoor Plugin up to 1.3.2 on WordPress SQL injection (EUVD-2025-34555)
8 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Outdoor Plugin up to 1.3.2 on WordPress. Affected by this issue is some unknown functionality. Executing manipulation can lead to SQL injection.
This vulnerability is tracked as CVE-2025-10743. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-58738 | Microsoft Windows up to Server 2025 Inbox COM Objects use after free (EUVD-2025-34307)
8 months 2 weeks ago
A vulnerability has been found in Microsoft Windows and classified as critical. The impacted element is an unknown function of the component Inbox COM Objects. Performing manipulation results in use after free.
This vulnerability is identified as CVE-2025-58738. The attack is only possible with local access. There is not any exploit available.
It is suggested to install a patch to address this issue.
vuldb.com
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
8 months 2 weeks ago
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product.
It attributed the activity to a "highly sophisticated nation-state threat actor," adding the adversary maintained long-term, persistent access to its network. The
The Hacker News
Kaspersky vs. ChatGPT: how an antivirus detected malware written by AI
8 months 2 weeks ago
The attacks began in September and affected enterprises in the aviation and radio industries.
[Control systems] ABB security advisory (AV25-670)
8 months 2 weeks ago
Canadian Centre for Cyber Security
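To Mom
8 months 2 weeks ago
Mom, it has been a year since you left. Longing and self-reproach are always on my mind, but what I most want to say is how lucky I am to have been your daughter in this life, and, more importantly, that you gave me equality and trust. I came into this world amid your hopes, with a carefully sheltered infancy and a free-range childhood. In my teenage years you also protected me well; you worked to keep the impact of the family's hardships on me to a minimum, encouraged me to chase my dreams, and nurtured my curiosity and desire to explore. After I grew up, when I suffered setbacks in love, you were always there, telling me firmly that it was nothing, while in fact you worried privately without ever showing it, and you did not even urge me to take the retreat that might have been easier. My dear mom, you loved me so much in life, and after leaving you still left me optimism and idealism; the memories you left fill me and warm me all the time.
Your passing left me heartbroken and full of regret: for the things I self-righteously thought I knew, for the arguments that lacked empathy, for not having tried my best to do more and better. I regret that there was no goodbye, no hug, no kiss.
This year I have slowed down. Many past events have surfaced, carrying me through time to understand you better, dear Ms. Chen. I see your kindness, your readiness to help relatives, friends and even strangers, and the equal, sincere way you treated people. You also always remembered the good in others more; what you said to me most often was: "A drop of kindness should be repaid with a gushing spring." You wrote a superb hand with a fountain pen, you were quick at desk writing, and your most forceful saying was: "Even a withered tree will meet spring again, let alone me, a human being." At critical moments, gentle as you were, you did not lack boldness and decisiveness, for example when making the family's important investment decisions. More often you endured through hardship yet stayed optimistic, and you would always find a way to solve the problem. After you left, I went back home and saw the flowers and plants on the balcony, the everyday utensils you had chosen with care. Today I again dug out the flowers you grew on the balcony back then, and the cross-stitch you spent many days and nights completing. You were very ordinary; in a life full of tribulation, you did what was meaningful to you, independently sought your own way in a bustling world, and never lost your passion for life. Into old age and unto death, you were a warrior.
One day in my dream, after I got off work, you and Dad went to the amusement park together. You boldly chose to try a diving ride. Without a trace of hesitation you made a "popsicle entry" into the water. I saw you smiling like a flower the moment you entered the water. When I woke, I felt a relief I had never felt before: perhaps in another world you can finally chase your own dreams freely, unrestrained and unencumbered.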
SecWiki News 2025-10-15 Review
8 months 2 weeks ago
No news updates yet today~
For more of the latest articles, visit SecWiki