Aggregator

A vulnerability described as critical has been identified in Apache HTTP Server up to 2.7.6. Impacted is an unknown function of the component mod_python. Executing manipulation can lead to improper privilege management. This vulnerability is registered as CVE-2002-0185. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Microsoft SQL Server 2000. It has been classified as problematic. This affects an unknown function of the component SQLXML. Performing manipulation of the argument root results in basic cross site scripting. This vulnerability is known as CVE-2002-0187. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to install a patch to address this issue.

A vulnerability classified as problematic was found in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. This vulnerability is reported as CVE-2025-10767. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in jeecgboot JimuReport up to 2.1.2 and classified as critical. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. This vulnerability is known as CVE-2025-10770. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in jeecgboot JimuReport up to 2.1.2 and classified as critical. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. This vulnerability is handled as CVE-2025-10771. The attack can be executed remotely. Additionally, an exploit exists.

当前环境出现异常，需完成验证后才能继续访问。

马斯克：特斯拉股东投票结果对公司至关重要；刘强东「10 年 1 元年薪」之约到期；研究发现天赋异禀的狗具有人类般的「词语标签」理解能力

当前环境出现异常状态，需完成验证后才能继续访问。

当前环境出现异常提示，需完成验证后方可继续访问。

当前环境出现异常，需完成验证后方可继续访问。请前往验证页面进行操作。

当前环境出现异常,需完成验证后方可继续访问。

银狐黑产某服务器样本文件分析

美团 LongCat 团队正式发布全新高效推理模型 LongCat-Flash-Thinking。综合评估显示，LongCat-Flash-Thinking 在逻辑、数学、代码、智能体等多个领域的推理任务中，达到了全球开源模型的最先进水平（SOTA）。

伊朗APT组织UNC1549伪装成招聘人员通过LinkedIn攻击目标公司员工，利用恶意软件和DLL侧加载技术植入后门MINIBIKE窃取信息，并采用多种反检测技术长期潜伏。该组织利用云服务隐藏攻击行为，提醒企业警惕社交工程攻击和技术威胁。

文章探讨了如何通过提供业务逻辑、明确资产范围、设置奖励层级、限时激励和公开项目来吸引更多高严重性漏洞提交。

为医务人员提供灵活、高效、安全的IT工作环境。

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.85/6.0.15/6.1.1. The affected element is the function wpcm450_aic_of_init. This manipulation causes memory leak. This vulnerability appears as CVE-2022-50416. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.