Aggregator

Currently trending CVE - Hype Score: 1 - Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a ...

Культовый бренд из эпохи калькуляторов решил напомнить людям истинное предназначение мобильника.

A vulnerability classified as critical has been found in Linux Kernel up to 6.19.10. This impacts the function media_request_ioctl_reinit of the component media. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2026-31473. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.20/6.19.10. The impacted element is the function iptfs_clone_state of the component xfrm. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2026-31471. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.18.20/6.19.10. This affects the function __input_process_payload of the component xfrm. Such manipulation leads to infinite loop. This vulnerability is documented as CVE-2026-31472. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.79/6.18.20/6.19.10. Affected by this issue is some unknown functionality. Executing a manipulation can lead to buffer overflow. This vulnerability is tracked as CVE-2026-31470. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.10. The affected element is the function vfio_pci_core_feature_dma_buf of the component File Descriptor Handler. The manipulation results in double free. This vulnerability is cataloged as CVE-2026-31468. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.19.10 and classified as critical. This affects the function free_old_xmit in the library lib/percpu_counter.c of the component virtio_net. The manipulation results in use after free. This vulnerability is identified as CVE-2026-31469. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.18.28/7.0.5/7.1-rc2. Affected by this vulnerability is the function rxrpc_input_call_event of the component rxrpc. Such manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2026-43500. The attack can only be initiated within the local network. Moreover, an exploit is present. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.6.137/6.12.86/6.18.27/7.0.4 and classified as critical. Affected by this issue is the function skb_splice_from_iter of the component xfrm. Executing a manipulation can lead to write-what-where condition. The identification of this vulnerability is CVE-2026-43284. The attack needs to be done within the local network. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.

俄罗斯安全公司卡巴斯基对中俄 Steam 用户发出警告，恶意墙纸正在 Steam 创意工坊快速扩散，其目的是劫持他们的账号。攻击者利用了热门墙纸应用 Wallpaper Engine 创意工坊分享功能的漏洞，恶意程序隐藏在分享的壁纸包中。运行被感染的壁纸会导致 Steam 账号被盗，或者系统被植入后门或加密货币挖矿程序。安全研究人员在创意工坊发现了数十款恶意壁纸，每一款都被下载了数千次，甚至数万次。黑客主要针对中国 Steam 用户，墙纸的艺术风格和标题都专门针对中国玩家量身定制，中国玩家的下载量最多，占到了总下载量的  89.4%，其次是俄罗斯的 5.5%，新加坡 (1.4%)、香港 (0.9%)、德国 (0.9%)、越南 (0.9%)、印度 (0.5%) 和加拿大 (0.5%)。Steam 目前已经移除了包含恶意程序的墙纸。

A detailed ESET MDR vs Sophos MDR comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose.

A vulnerability was found in vLLM and classified as critical. The affected element is an unknown function of the component Activation. Executing a manipulation can lead to code injection. This vulnerability is tracked as CVE-2026-41523. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Apache DolphinScheduler up to 3.4.1 and classified as critical. Impacted is an unknown function of the file /access-tokens of the component Access Token Handler. Performing a manipulation results in privilege escalation. This vulnerability is identified as CVE-2026-49050. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Yoast BV Yoast SEO Premium Plugin up to 26.6 on WordPress. This issue affects some unknown processing. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-40722. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, has been found in Teldat Regesta Smart HD-PLC up to 11.02.05.10.02. This vulnerability affects unknown code of the component Web Interface. This manipulation causes allocation of resources. The identification of this vulnerability is CVE-2026-27869. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Teldat Regesta Smart HD-PLC up to 11.02.05.10.02. This affects an unknown part of the file /upgrade/query.php of the component Configuration File Handler. The manipulation of the argument Hostname results in cross site scripting. This vulnerability was named CVE-2026-27870. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Apache DolphinScheduler up to 3.4.1. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-47340. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.