AI 时代中国网络安全产业的五年变局||安全从业者的五年“职场断层”与“技能重塑”
未来五年,行业将完成从"人海战术"向"超级指挥官+AI智能体兵团"的进化。
Aggregator
Lynx
1 week ago
You must login to view this content
cohenido
Lynx
1 week ago
You must login to view this content
cohenido
CVE-2026-25569 | Siemens SICAM SIAPP SDK up to 2.1.6 out-of-bounds write (ssa-903736 / WID-SEC-2026-0654)
1 week ago
A vulnerability was found in Siemens SICAM SIAPP SDK up to 2.1.6. It has been declared as critical. Affected is an unknown function. Such manipulation leads to out-of-bounds write.
This vulnerability is traded as CVE-2026-25569. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-25570 | Siemens SICAM SIAPP SDK up to 2.1.6 stack-based overflow (ssa-903736 / WID-SEC-2026-0654)
1 week ago
A vulnerability was found in Siemens SICAM SIAPP SDK up to 2.1.6. It has been rated as critical. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in stack-based buffer overflow.
This vulnerability is known as CVE-2026-25570. Attacking locally is a requirement. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-25571 | Siemens SICAM SIAPP SDK up to 2.1.6 length parameter (ssa-903736 / WID-SEC-2026-0654)
1 week ago
A vulnerability categorized as problematic has been discovered in Siemens SICAM SIAPP SDK up to 2.1.6. Affected by this issue is some unknown functionality. Executing a manipulation can lead to improper handling of length parameter inconsistency.
This vulnerability is handled as CVE-2026-25571. It is possible to launch the attack on the local host. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-25572 | Siemens SICAM SIAPP SDK up to 2.1.6 length parameter (ssa-903736 / WID-SEC-2026-0654)
1 week ago
A vulnerability identified as problematic has been detected in Siemens SICAM SIAPP SDK up to 2.1.6. This affects an unknown part. The manipulation leads to improper handling of length parameter inconsistency.
This vulnerability is uniquely identified as CVE-2026-25572. Local access is required to approach this attack. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2026-25573 | Siemens SICAM SIAPP SDK up to 2.1.6 file inclusion (ssa-903736 / WID-SEC-2026-0654)
1 week ago
A vulnerability described as critical has been identified in Siemens SICAM SIAPP SDK up to 2.1.6. Impacted is an unknown function. Such manipulation leads to file inclusion.
This vulnerability is referenced as CVE-2026-25573. The attack can only be performed from a local environment. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-25605 | Siemens SICAM SIAPP SDK up to 2.1.6 file inclusion (ssa-903736 / WID-SEC-2026-0654)
1 week ago
A vulnerability classified as problematic has been found in Siemens SICAM SIAPP SDK up to 2.1.6. The affected element is an unknown function. Performing a manipulation results in file inclusion.
This vulnerability is identified as CVE-2026-25605. The attack is only possible with local access. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-25190 | Microsoft Windows 10 Version 22H2 for 32-bit Systems up to Server 2025 untrusted search path
1 week ago
A vulnerability classified as critical was found in Microsoft Windows 10 Version 22H2 for 32-bit Systems. This affects an unknown function. The manipulation results in untrusted search path.
This vulnerability was named CVE-2026-25190. The attack needs to be approached locally. There is no available exploit.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2026-25179 | Microsoft Windows up to Server 2025 Ancillary Function Driver for WinSock improper validation of specified type of input
1 week ago
A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Ancillary Function Driver for WinSock. Executing a manipulation can lead to improper validation of specified type of input.
This vulnerability is registered as CVE-2026-25179. The attack needs to be launched locally. No exploit is available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2026-25180 | Microsoft Windows up to Server 2025 Graphics out-of-bounds
1 week ago
A vulnerability was found in Microsoft Windows. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Graphics. The manipulation leads to out-of-bounds read.
This vulnerability is documented as CVE-2026-25180. The attack can be initiated remotely. There is not any exploit available.
Applying a patch is the recommended action to fix this issue.
vuldb.com
CVE-2026-25181 | Microsoft Windows up to Server 2025 GDI+ out-of-bounds
1 week ago
A vulnerability categorized as problematic has been discovered in Microsoft Windows. This affects an unknown part of the component GDI+. The manipulation results in out-of-bounds read.
This vulnerability is reported as CVE-2026-25181. The attack can be launched remotely. No exploit exists.
It is best practice to apply a patch to resolve this issue.
vuldb.com
CVE-2026-25185 | Microsoft Windows up to Server 2025 Shell Link information disclosure
1 week ago
A vulnerability identified as problematic has been detected in Microsoft Windows. This vulnerability affects unknown code of the component Shell Link. This manipulation causes information disclosure.
This vulnerability appears as CVE-2026-25185. The attack may be initiated remotely. There is no available exploit.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2026-25186 | Microsoft Windows up to Server 2025 Accessibility Infrastructure ATBroker.exe information disclosure
1 week ago
A vulnerability labeled as problematic has been found in Microsoft Windows. This issue affects some unknown processing of the file ATBroker.exe of the component Accessibility Infrastructure. Such manipulation leads to information disclosure.
This vulnerability is traded as CVE-2026-25186. An attack has to be approached locally. There is no exploit available.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2026-25187 | Microsoft Windows up to Server 2025 Winlogon link following
1 week ago
A vulnerability marked as critical has been reported in Microsoft Windows. Impacted is an unknown function of the component Winlogon. Performing a manipulation results in link following.
This vulnerability is known as CVE-2026-25187. Attacking locally is a requirement. No exploit is available.
It is suggested to install a patch to address this issue.
vuldb.com
CVE-2026-25188 | Microsoft Windows up to Server 2025 Telephony Service heap-based overflow (Nessus ID 301776)
1 week ago
A vulnerability described as critical has been identified in Microsoft Windows. The affected element is an unknown function of the component Telephony Service. Executing a manipulation can lead to heap-based buffer overflow.
This vulnerability is handled as CVE-2026-25188. The attack can only be done within the local network. There is not any exploit available.
A patch should be applied to remediate this issue.
vuldb.com
CVE-2026-25189 | Microsoft Windows 10 21H2/10 22H2/10 1809/Server 2019/Server 2022 DWM Core Library use after free
1 week ago
A vulnerability classified as critical has been found in Microsoft Windows 10 1809/10 21H2/10 22H2/Server 2019/Server 2022. The impacted element is an unknown function of the component DWM Core Library. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2026-25189. Local access is required to approach this attack. No exploit exists.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
AI coding agents keep repeating decade-old security mistakes
1 week ago
Coding agents are now writing production features on real development teams, and a new report from DryRun Security shows that those agents introduce security vulnerabilities at a high rate across nearly every type of application they build. “AI coding agents can produce working software at incredible speed, but security isn’t part of their default thinking,” said James Wickett, CEO of DryRun Security. “In our usage and experience, AI coding agents often missed adding security components … More →
The post AI coding agents keep repeating decade-old security mistakes appeared first on Help Net Security.
Anamarija Pogorelec
CVE-2026-26311 | envoyproxy envoy up to 1.34.12/1.35.8/1.36.4/1.37.0 Filter decodeData use after free (GHSA-84xm-r438-86px / WID-SEC-2026-0704)
1 week ago
A vulnerability identified as critical has been detected in envoyproxy envoy up to 1.34.12/1.35.8/1.36.4/1.37.0. Affected by this vulnerability is the function FilterManager::decodeData of the component Filter Handler. Performing a manipulation results in use after free.
This vulnerability was named CVE-2026-26311. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com