Aggregator

A vulnerability was found in WONKO Smolder up to 1.51 on Perl. It has been classified as problematic. Affected by this issue is the function rand. The manipulation leads to cryptographically weak prng. This vulnerability is listed as CVE-2024-58041. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in osCommerce 2.3.4.1. It has been declared as critical. This vulnerability affects unknown code of the file product_reviews_write.php. The manipulation of the argument reviews_id results in sql injection. This vulnerability is identified as CVE-2019-25495. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in osCommerce 2.3.4.1. It has been rated as critical. This issue affects some unknown processing of the file product_info.php. This manipulation of the argument products_id causes sql injection. This vulnerability is tracked as CVE-2019-25496. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in osCommerce 2.3.4.1. The affected element is an unknown function of the file shopping_cart.php. Performing a manipulation of the argument currency results in sql injection. This vulnerability is cataloged as CVE-2019-25497. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Tenda W20E 15.11.0.6. This affects the function getMibPrefix. This manipulation of the argument nptr causes buffer overflow. This vulnerability is handled as CVE-2026-24108. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical was found in Tenda W20E 15.11.0.6. This vulnerability affects the function sprintf. Such manipulation of the argument picName leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-24109. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in Tenda W20E 15.11.0.6. Impacted is the function addAuthUser. Executing a manipulation of the argument userInfo can lead to buffer overflow. The identification of this vulnerability is CVE-2026-24111. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2026-3392. The attack is restricted to local execution. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as critical has been discovered in Mozilla Firefox up to 147. Impacted is an unknown function of the component WebAssembly. Executing a manipulation can lead to type confusion. This vulnerability is tracked as CVE-2026-2796. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 147 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2026-2792. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Mozilla Firefox up to 147. It has been rated as critical. This issue affects some unknown processing of the component Cache. Performing a manipulation results in Remote Code Execution. This vulnerability is identified as CVE-2026-2791. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Mozilla Firefox up to 147 and classified as critical. Affected by this issue is some unknown functionality. The manipulation results in memory corruption. This vulnerability was named CVE-2026-2793. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 147. It has been declared as critical. The affected element is an unknown function of the component GC. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2026-2795. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mozilla Firefox up to 147 on Android. This vulnerability affects unknown code. The manipulation results in information disclosure. This vulnerability is reported as CVE-2026-2794. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Mozilla Firefox up to 147 and classified as critical. This issue affects some unknown processing of the component JAR. Such manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is uniquely identified as CVE-2026-2790. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

好，我现在需要帮用户总结一篇文章，控制在100字以内。首先，我得仔细阅读文章内容，抓住主要信息。 文章讲的是Chrome为了应对来自OpenAI和Perplexity等公司的AI驱动浏览器的竞争，决定加快发布节奏。从9月开始，发布周期从4周缩短到2周，每次更新都会在稳定性、速度或易用性上有提升。谷歌希望跟上网络平台的变化，并让开发者及时使用新工具。同时，这也意味着Chrome可能面临来自AI浏览器的真正竞争。 接下来，我要把这些要点浓缩成100字以内的总结。要注意不要使用“这篇文章”或“文章内容总结”这样的开头，直接描述内容。 可能的结构是：Chrome加快发布节奏应对AI浏览器竞争，缩短周期至2周，每次更新带来改进，希望保持竞争力并支持开发者。 检查一下字数是否合适，确保信息完整且简洁。 Chrome为应对OpenAI等公司推出的AI驱动浏览器竞争，将发布周期从4周缩短至2周，并承诺每次更新在稳定性、速度或易用性上带来改进。此举旨在保持市场主导地位并支持开发者获取最新工具。

漏洞来源漏洞描述vLLM 是一个用于大型语言模型 (LLM) 的推理和服务引擎。在 0.11.1 版本之前，vllm 的一个名为 Nemotron_Nano_VL_Config 的配置类存在一个严重的远程代码执行漏洞。当 vllm 加载包含 auto_map 条目的模型配置时，该配置类会使用 get_class_from_dynamic_module(...) 解析该映射，并立即实例化返回的类。这

好的，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要特定的开头。首先，我需要快速浏览文章内容，抓住主要信息。 文章讲的是Rob在YouTube频道上传了一个视频，详细讲解如何设置最新的DSD Plus版本来解码P25公共安全通信。这个版本是2.547，之前只对Fastlane用户开放，现在公开了。视频里他介绍了新功能，比如FMP24解调器的使用、控制频道监控、获取系统数据、识别通话组以及设置别名等。 接下来，我需要把这些信息浓缩到100字以内。重点包括：视频发布者、内容主题、软件版本、新功能和改进点。要确保语言简洁明了，直接描述内容。 可能的结构是：Rob在频道上传视频，介绍如何设置DSD Plus 2.547解码P25通信，并演示新功能如FMP24解调器和系统数据获取等。 检查一下字数是否符合要求，并确保没有使用“文章内容总结”之类的开头。这样应该能满足用户的需求了。 Rob在YouTube频道上传视频，详细介绍如何设置最新DSD Plus 2.547版本以解码P25公共安全通信，并演示新功能如FMP24解调器使用和系统数据获取等。

漏洞简介vLLM 是大型语言模型（LLM）的推理和服务引擎。在 0.14.1 版本之前，vLLM 项目多模态功能集中的“MediaConnector”类别存在SSRF漏洞。load_from_url和load_from_url_async方法通过用户提供的URL获取和处理媒体，在限制目标主机时使用不同的Python解析库。这两个解析库对反斜线有不同的解释，这使得可以绕过主机名的限制。这使得攻击者能

Overview On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, Microsoft Office, and Visual Studio Code. These vulnerabilities include privilege escalation, remote code execution, and other high-risk vulnerabilities. In this monthly update, 5 vulnerabilities are rated as […]

The post Microsoft’s February Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Microsoft’s February Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.