全球网络安全事件汇总:高危Lucee漏洞允许认证管理员执行远程代码;Apache Tomcat和Camel遭遇大规模攻击;恶意Firefox扩展窃取加密货币;微软Edge修复高危漏洞;巴西CIEE数据泄露;Azure API漏洞泄露VPN密钥;新型Hpingbot发动DDoS攻击;PHP高危漏洞需紧急修复;Anthropic MCP服务器漏洞可能导致远程代码执行;黑客伪造Cloudflare界面传播恶意软件。

FreeBuf早报 | 高危Lucee漏洞通过计划任务滥用实现认证RCE;Apache组件遭大规模攻击
FreeBuf网络安全行业门户
FreeBuf网络安全行业门户 ·

本周「FreeBuf周报」总结了多个高危漏洞,包括Linux Sudo、Lucee和Apache,建议及时更新修复。同时,介绍了新型macOS恶意软件及AI生成网址的安全风险,强调加强安全防护和意识培训。

FreeBuf周报 | Linux高危Sudo漏洞可提权至root并绕过限制;Lucee应用服务器曝高危漏洞
FreeBuf网络安全行业门户
FreeBuf网络安全行业门户 ·

高性能开源CFML应用服务器Lucee存在严重安全漏洞CVE-2025-34074,CVSS评分9.4,允许认证管理员滥用计划任务执行任意代码。所有支持计划任务的Lucee版本均受影响,建议立即限制管理界面访问并审计任务。

高危Lucee漏洞(CVE-2025-34074,CVSS 9.4):通过计划任务滥用实现认证RCE,Metasploit模块已公开
FreeBuf网络安全行业门户
FreeBuf网络安全行业门户 ·
如何在Linux上运行SF7 Lucee

如何在Linux上运行SF7 Lucee
DEV Community
DEV Community ·
Fixinator的新兼容性扫描器

Fixinator的新兼容性扫描器
Pete Freitag's Homepage
Pete Freitag's Homepage ·
Fixinator 修复未作用域限定的变量

Fixinator 修复未作用域限定的变量
Pete Freitag's Homepage
Pete Freitag's Homepage ·
2024年2月Lucee远程代码执行漏洞

2024年2月Lucee远程代码执行漏洞
Pete Freitag's Homepage
Pete Freitag's Homepage ·

I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL. ColdFusion / Lucee and OpenSSL As far as I know...

OpenSSL and ColdFusion / Lucee / Tomcat
Pete Freitag's Homepage
Pete Freitag's Homepage ·

I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL. ColdFusion / Lucee and OpenSSL As far as I know...

OpenSSL and ColdFusion / Lucee / Tomcat
Pete Freitag's Homepage
Pete Freitag's Homepage ·

A really handy feature of the arrayEach() function is the parallel argument. It has been supported in Lucee since 4.5, but ColdFusion 2021 now supports it as well. What does the arrayEach function...

Simple Parallel Execution in ColdFusion or Lucee
Pete Freitag's Homepage
Pete Freitag's Homepage ·
👤 个人中心
在公众号发送验证码完成验证