Aggregator

疯狂！

A vulnerability, which was classified as critical, has been found in Redis. This affects an unknown function of the component Codec Encoder. This manipulation causes crlf injection. This vulnerability is handled as CVE-2026-42586. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in netty netty-codec-mqtt up to 4.1.133.Final/4.2.13.Final. It has been classified as problematic. This issue affects the function decodeVariableHeader of the component Properties Section. This manipulation causes resource consumption. This vulnerability is tracked as CVE-2026-44248. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in Netty up to 1.0/1.1/4.1.133.Final/4.2.13.Final. The impacted element is an unknown function of the component HTTPObjectDecoder. Executing a manipulation can lead to http request smuggling. This vulnerability is registered as CVE-2026-42581. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in netty netty-codec-http up to 4.1.133.Final/4.2.13.Final. This impacts the function queue.poll. The manipulation results in http request smuggling. This vulnerability is reported as CVE-2026-42584. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in netty netty-codec-http up to 4.1.133.Final/4.2.13.Final. Affected is an unknown function. This manipulation causes http request smuggling. This vulnerability appears as CVE-2026-42585. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in MISP up to 2.5.36. Affected by this vulnerability is an unknown functionality. Executing a manipulation of the argument uuid can lead to improper input validation. This vulnerability appears as CVE-2026-44379. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in MISP up to 2.5.36 and classified as critical. This vulnerability affects unknown code. This manipulation causes sql injection. This vulnerability is handled as CVE-2026-44381. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in MISP up to 2.5.36. It has been declared as critical. The affected element is an unknown function. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-44380. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dataease SQLBot up to 1.7.x. It has been classified as critical. This affects an unknown function of the file /api/v1/datasource/exportDsSchema. The manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2026-42463. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability has been found in OPNsense up to 26.1.6 and classified as problematic. The affected element is the function lockout_handler of the component Username Handler. Performing a manipulation results in improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2026-44195. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Banks across the United States, Europe, and Japan are accelerating efforts to strengthen cy

Cybersecurity researchers are warning that attackers have already started exploiting a newl

C’è una data che molti soggetti NIS stanno guardando con una certa apprensione: il 31 maggio 2026. È

根据发表在《国家科学评论》期刊上的一项研究，中科院研究团队汇总 588 个湖泊的高精度实测水下地形和水深数据。研究发现，我国湖泊水深受地形地貌影响，西部高海拔内流湖盆区受构造断陷和冰川侵蚀影响，形成了深水湖泊，而东部平原因长期泥沙淤积，形成浅碟形湖泊。全国湖泊总蓄水量约 1081-1285 立方公里，其中淡水约 335 立方公里，咸水约 839 立方公里。约 65% 的湖泊淡水储存于青藏高原等西部内流湖盆区少数几个深水开放型湖泊。学界对我国淡水湖的关注多聚焦于东部平原区及云贵高原，但本研究发现，青藏高原不仅拥有塔若错、玛旁雍错、吴如错等超大型深水淡水湖，其湖区天然湖泊的淡水总储量超过东部平原湖区：青藏高原湖泊区人均储量约为 20680 立方米，而东部平原湖泊区人均储量仅为 65 立方米，两者相差近 330 倍。

Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspec

INTERPOL led Operation Ramz in MENA, resulting in 201 arrests and 382 suspects tied to cybercrime networks. INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to 201 arrests and identifying 382 additional suspects. ” A first-of-its-kind cybercrime operation in the MENA region has led to the arrest of 201 individuals, with a […]

Bridewell report calls out emergence of “fix-style” attacks