Aggregator

Siemensから各製品向けのアップデートが公開されました。

Reddit及其合作伙伴使用cookies等技术提升用户体验，并用于个性化内容、广告效果等。用户可选择拒绝非必要cookies，但基本功能不受影响。详情请见隐私政策和Cookie说明。

京东 15 万全职骑手全部缴纳五险一金；特斯拉正准备将 FSD 引入日本和泰国市场；李想与罗永浩访谈称理想车主被黑是有操纵的，回应 05 年身家过亿传闻

CSOP 2025·北京站 亮点前瞻

微软确认Windows 10/11安装8月例行更新后重置和恢复选项失效，正在开发带外更新修复问题。部分版本可能引发固态硬盘掉盘问题尚未确认。

作者完成一个漏洞赏金课程后，询问下一步是单独练习常见漏洞（如XSS、SQL注入等）还是通过CTF等任务型活动提升技能，并寻求发现真实网站漏洞的方法。

Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. A new exploit chaining two vulnerabilities, tracked as CVE-2025-31324 and CVE-2025-42999, in SAP NetWeaver exposes organizations to the risk of system compromise and data theft. CVE-2025-31324 (CVSS score: 10.0) is a missing authorization check in NetWeaver’s Visual Composer […]

SAP NetWeaver的两个高危漏洞CVE-2025-31324（CVSS 10.0）和CVE-2025-42999（CVSS 9.1）被用于绕过认证并实现远程代码执行，可能导致系统完全接管和数据泄露。

威努特为“国之重器”筑牢安全基座。

複数のマイクロソフト製品には、脆弱性があります。この問題は、Microsoft Updateなどを用いて、更新プログラムを適用することで解決します。詳細は、開発者が提供する情報を参照してください。

Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments.

The uptick in breaches in Asia has prompted a Japanese chipmaker and the Singaporean government to require vendors to pass cybersecurity checks to do business.

A vulnerability, which was classified as problematic, has been found in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. This vulnerability is registered as CVE-2025-9169. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Sitecore CMS 5.3.0/5.3.1/6.0.1/6.0.2. It has been classified as problematic. This vulnerability affects unknown code. Performing manipulation of the argument sc_error results in cross site scripting. This vulnerability is identified as CVE-2009-2163. The attack can be initiated remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Simplog 0.9.3.2. Affected by this issue is some unknown functionality of the file comments.php. Performing manipulation results in improper access controls. This vulnerability is identified as CVE-2009-4091. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as problematic was found in Simplog 0.9.3.2. This affects an unknown part of the file user.php of the component Change Password. Executing manipulation can lead to cross-site request forgery. This vulnerability is tracked as CVE-2009-4092. The attack can be launched remotely. Moreover, an exploit is present.