思科:注意已遭利用的两个 Catalyst SD-WAN 管理器 0day 漏洞
速修复
Aggregator
电动汽车充电网络告警:Everon OCCP 后端系统存在严重漏洞
1 month ago
速更换
SLH
1 month ago
You must login to view this content
cohenido
开年连中三元!长亭科技全栈智能安全能力获国家级采购全面认可
1 month ago
👍 👍 👍
PR堆积如山?Code Review太费时间?长亭科技发布免费 AI Code Review 机器人
1 month ago
强势围观!
Спросили у ChatGPT - ответили хакеру. Почему не стоит доверять каждому «умному» помощнику
1 month ago
Новый отчёт Microsoft раскрывает масштаб скрытой слежки за пользователями.
Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025
1 month ago
The Google Threat Intelligence Group (GTIG) released its annual analysis, confirming that 90 zero-day vulnerabilities were actively exploited in the wild throughout 2025. While this marks a slight decrease from the record 100 zero-days in 2023, it represents a noticeable increase from 2024’s total of 78. According to Google’s researchers, attackers are shifting their focus […]
The post Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025 appeared first on Cyber Security News.
Abinaya
FBI investigates breach of surveillance and wiretap systems
1 month ago
The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants. [...]
Sergiu Gatlan
CVE-2026-28696 | Craft CMS prior 4.17.0-beta.1/5.9.0-beta.1 GraphQL Directive Elements::parseRefs authorization
1 month ago
A vulnerability classified as problematic was found in Craft CMS. Affected is the function Elements::parseRefs of the component GraphQL Directive Handler. Executing a manipulation can lead to authorization bypass.
The identification of this vulnerability is CVE-2026-28696. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-28783 | Craft CMS prior 5.9.0-beta.1/4.17.0-beta.1 Twig code injection (GHSA-5fvc-7894-ghp4)
1 month ago
A vulnerability was found in Craft CMS and classified as critical. This vulnerability affects unknown code of the component Twig. Such manipulation leads to code injection.
This vulnerability is listed as CVE-2026-28783. The attack may be performed from remote. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-28782 | Craft CMS prior 4.17.0-beta.1/5.9.0-beta.1 authorization (GHSA-jxm3-pmm2-9gf6)
1 month ago
A vulnerability categorized as problematic has been discovered in Craft CMS. The impacted element is an unknown function. The manipulation results in authorization bypass.
This vulnerability is reported as CVE-2026-28782. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-28781 | Craft CMS prior 4.17.0-beta.1/5.9.0-beta.1 POST Request authorization (GHSA-2xfc-g69j-x2mp)
1 month ago
A vulnerability identified as problematic has been detected in Craft CMS. This affects an unknown function of the component POST Request Handler. This manipulation causes authorization bypass.
This vulnerability appears as CVE-2026-28781. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2025-70218 | D-Link DIR-513 1.10 /goform/formAdvFirewall stack-based overflow
1 month ago
A vulnerability was found in D-Link DIR-513 1.10. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formAdvFirewall. Executing a manipulation can lead to stack-based buffer overflow.
This vulnerability is tracked as CVE-2025-70218. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-70226 | D-Link DIR-513 1.10 formEasySetupWizard curTime stack-based overflow
1 month ago
A vulnerability, which was classified as critical, was found in D-Link DIR-513 1.10. This vulnerability affects unknown code of the file /goform/formEasySetupWizard. Executing a manipulation of the argument curTime can lead to stack-based buffer overflow.
This vulnerability appears as CVE-2025-70226. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2026-26949 | Dell Device Management Agent up to 26.01 authorization (dsa-2026-105 / EUVD-2026-9446)
1 month ago
A vulnerability, which was classified as critical, has been found in Dell Device Management Agent up to 26.01. This impacts an unknown function. The manipulation leads to incorrect authorization.
This vulnerability is uniquely identified as CVE-2026-26949. Local access is required to approach this attack. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-28695 | Craft CMS Twig SSTI create path traversal
1 month ago
A vulnerability, which was classified as critical, has been found in Craft CMS. The impacted element is the function create of the component Twig SSTI. This manipulation causes path traversal.
This vulnerability is registered as CVE-2026-28695. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-1394 | Silabs Zigbee Stack up to 4.3.4/2024.6.2 return value (EUVD-2025-23149)
1 month ago
A vulnerability described as critical has been identified in Silabs Zigbee Stack up to 4.3.4/2024.6.2. This vulnerability affects unknown code. The manipulation results in unchecked return value.
This vulnerability was named CVE-2025-1394. The attack needs to be approached within the local network. There is no available exploit.
vuldb.com
U.S. CISA adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog
1 month ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2023-43000 is a use-after-free issue in the WebKit component. Apple […]
Pierluigi Paganini
Beyond the Perimeter: Auditing Active Directory Security with ADPulse’s 35-Point Automated Scan
1 month ago
ADPulse — Active Directory Security Scanner ADPulse is an open-source Active Directory security auditing tool that connects to
The post Beyond the Perimeter: Auditing Active Directory Security with ADPulse’s 35-Point Automated Scan appeared first on Penetration Testing Tools.
ddos
成果分享 | [NDSS 2026] 跨设备认证研究:以三大用户权利筑牢登录安全防线
1 month ago
复旦大学系统软件与安全实验室在跨设备认证安全领域取得新进展