Aggregator

报告时间：2026年5月25日（周一）下午15:30-17:00

МВД предупредило о новой схеме мошенников.

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the […]

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Wi

A vulnerability has been found in libpng 1.8.0 and classified as critical. Affected is an unknown function of the component APNG Parser. The manipulation leads to interpretation conflict. This vulnerability is documented as CVE-2026-40930. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability, which was classified as problematic, was found in Mattermost Plugins up to 11.5.1. This impacts an unknown function of the component Group Handler. Executing a manipulation can lead to incorrect authorization. This vulnerability is registered as CVE-2026-6342. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mattermost Plugins up to 11.5.1. This affects an unknown function of the component API Request Handler. Performing a manipulation results in incorrect authorization. This vulnerability is cataloged as CVE-2026-6341. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.13/11.4.3/11.5.1. The impacted element is an unknown function. Such manipulation leads to uncontrolled memory allocation. This vulnerability is listed as CVE-2026-6340. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Mattermost up to 10.11.13/11.5.1. The affected element is an unknown function of the component Configuration Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-3495. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in RRWO Net::Statsd::Lite up to 0.10.0 on Perl. Impacted is the function set_add. The manipulation results in crlf injection. This vulnerability is identified as CVE-2026-8788. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in Mattermost up to 10.11.13/11.5.1. This issue affects some unknown processing of the component OAuth Authorization. The manipulation leads to authentication bypass by primary weakness. This vulnerability is referenced as CVE-2026-6334. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Mattermost up to 10.11.13/11.5.1. This vulnerability affects unknown code of the component Invite Handler. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-4273. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Mattermost up to 10.11.13/11.4.3/11.5.1. This affects an unknown part of the component Membership Handler. Performing a manipulation results in incorrect authorization. This vulnerability was named CVE-2026-28759. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Mattermost up to 10.11.13/11.4.3/11.5.1. Affected by this issue is the function create_post of the component API. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-3637. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Mattermost up to 10.11.13/11.4.3/11.5.1. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file /api/v1/meetings of the component Start Meeting API Endpoint. This manipulation of the argument request body causes allocation of resources. This vulnerability is handled as CVE-2026-2325. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

New StorybyJon Stojan JournalistbyJon Stojan Journalist@jonstojanjournalistJon Stojan is a professi

Discover CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow vulnerability. Learn about the affected versions and critical patch updates.

员工易中钓鱼陷阱？一键开展实战演练，即刻免费申领试用👉

Mythos 在检测软件漏洞方面似乎确实如其所宣称的那样强大；但它在其他方面的能力则更为微妙。