Aggregator

Currently trending CVE - Hype Score: 4 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Колёса с дачи, моторы с детского электромобиля — рецепт идеального гигантского робота.

Popular browser extensions have historically been perceived as benign, utilitarian artifacts—innocuous implements such as color droppers, ad-blockers, or

The post Phoenix Invicta Extension Malware Strips CSP Headers to Bypass Manifest V3 appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, was found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0. This vulnerability affects unknown code. Such manipulation leads to improperly controlled modification of object prototype attributes. This vulnerability is traded as CVE-2026-42232. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0. It has been rated as critical. Affected is an unknown function of the component XML Handler. This manipulation causes improperly controlled modification of object prototype attributes. This vulnerability is tracked as CVE-2026-42231. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0. This affects an unknown part of the file /mcp-oauth/register. This manipulation of the argument redirect_uri causes open redirect. This vulnerability appears as CVE-2026-42230. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0. This affects an unknown function of the file /chat of the component WebSocket Endpoint. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2026-42228. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical has been found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0. This affects an unknown function of the component Query String Handler. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-42229. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Mattermost up to 11.5.1. This affects an unknown function of the component Gitlab Plugin. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-3117. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Mattermost Desktop App up to 5.4.13/6.0.1/6.1.x. Affected by this vulnerability is the function window.close. The manipulation leads to improper check for unusual conditions. This vulnerability is listed as CVE-2026-4643. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Mattermost Desktop App up to 5.4.13/6.0.1/6.1.x. This impacts an unknown function. Performing a manipulation results in improper authorization in handler for custom url scheme. This vulnerability is identified as CVE-2026-3471. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

American fueling stations have fallen victim to a coordinated cyber-infiltration campaign. Unidentified adversaries breached the telemetry frameworks responsible

The post Suspected Iranian Hackers Breach US Gas Station Fuel Monitoring Systems appeared first on Penetration Testing Tools.

文末附安全云办公 4.0 新品发布会直播回放

2026年5月15日，山石网科在北京举办“双A领航・智优芯生”2026媒体圆桌会。

4月全球数据泄露态势月报来了：全球数百亿行数据流出，这些行业最危险

在当前场景下我并不想要這点多余的空白，可以通過以下方法解决：1.將图片設為 display: block; ，变成块级元素，不再是行內元素，也就不受基线影响

Supply Chain Attack / Developer SecurityCybersecurity researchers have flagged a compromised versi

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors like VS Code, Cursor, and JetBrains. The VS Code extension has more than 2.2 million installations. "Within

Babel Street has launched Insights Investigator, a new agentic capability that puts tradecraft-trained AI agents at the front edge of investigative work while ensuring analysts remain in control of scope, logic, and outcomes of their missions. As part of the Babel Street Insights platform, Investigator represents a shift from search and AI-assisted queries to analyst-directed, AI-executed investigations. Threat actors are no longer constrained by human bandwidth. Nation-state adversaries, organized criminal networks, and hostile foreign intelligence … More →

The post Babel Street targets AI-driven threats with new agentic investigation capabilities appeared first on Help Net Security.

Kubernetes 联合创始人、微软副总裁 Brendan Burns 在北美开源峰会上突然宣布了一个通用 Linux 发行版。微软以前发布过 Linux 应用，针对边缘计算设备的 Azure Sphere，Linux 容器软件平台 CBL-Marnier——后更名为 Azure Linux，但此前从未发布过通用发行版。微软 Azure 开源团队首席项目经理 Lachlan Everson 表示，通过 Azure Linux 4.0，微软正致力于将 Azure Linux 转变成一个功能完整的通用云发行版。Azure Linux 4.0 是基于 Fedora Linux 发行版，已发布在 GitHub 上，使用 Fedora 的 RPM 包管理系统，深度整合 Azure 云平台。开发者可以通过 WSL 在 Windows 11 上运行 Azure Linux 4.0，但没有 GUI。微软承诺为 Azure Linux 每月释出补丁，如果出现重要漏洞，微软也承诺及时释出补丁。