Aggregator

A vulnerability was found in Intermesh GroupOffice up to 6.8.149/25.0.81/26.0.4. It has been declared as critical. Affected is an unknown function of the component WOPI Service. Such manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2026-25511. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Canvas up to 1.0.3 on Drupal. It has been classified as critical. This impacts an unknown function. This manipulation causes incorrect authorization. The identification of this vulnerability is CVE-2026-1553. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in IBM Common Cryptographic Architecture and 4769 Developers Toolkit and classified as very critical. This affects an unknown function. The manipulation results in execution with unnecessary privileges. This vulnerability was named CVE-2025-13375. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in NeoRazorX facturascripts up to 2025.80 and classified as critical. The impacted element is the function CodeModel::all of the component Autocomplete. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2026-25514. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in NeoRazorX facturascripts up to 2025.80. The affected element is the function ModelClass::getOrderBy of the component REST API. Executing a manipulation of the argument sort can lead to sql injection. This vulnerability is handled as CVE-2026-25513. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in maziggy bambuddy up to 0.1.6. Impacted is an unknown function. Performing a manipulation results in missing authentication. This vulnerability is known as CVE-2026-25505. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Water-Melon Melon up to 9df9292. This issue affects some unknown processing of the component HTTP. Such manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-71031. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in AlistGo alist up to 3.56.x. This vulnerability affects unknown code. This manipulation causes path traversal. This vulnerability appears as CVE-2026-25161. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in chainguard-dev melange up to 0.40.2. This affects an unknown part of the file pkg/build/pipelines/patch.yaml of the component Configuration Handler. The manipulation results in os command injection. This vulnerability is reported as CVE-2026-25143. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in apollographql apollo-server up to 3.13.0/4.12.x/5.3.x. Affected by this issue is some unknown functionality. The manipulation of the argument startStandaloneServer leads to inefficient regular expression complexity. This vulnerability is documented as CVE-2026-23897. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

NYT 关注了去年引发广泛热议的被称为“中国版 N 号房”事件的 Telegram 偷拍群组 MaskPark。报道称：借助 Telegram 的匿名性、隐藏摄像头的普及和中国在线支付应用程序的便利性，中国女性和女孩偷拍影像的庞大交易正蓬勃发展。人们分享和交易女友、妻子、亲戚和熟人的照片和视频——这种做法在中文被称为“偷拍出卖”。他们还交换陌生人的此类视频。贩卖者常宣称这些影像来自隐蔽摄像头和手机拍摄，或者是黑入监控系统获取的。其中大量涉及偷拍女性裙底的内容，即所谓的“裙底偷拍”。

AI smart glasses are the latest addition to fashion, and they include a camera, a microphone, AI, and privacy risks. After Google Glass failed to gain traction more than a decade ago, the category is seeing renewed interest as companies redesign the technology to look like ordinary eyewear. Meta and privacy The most popular model on the market comes from a partnership between Ray-Ban and Meta, combining mainstream fashion with a company known for privacy … More →

The post Smart glasses are back, privacy issues included appeared first on Help Net Security.

Почему ручные проверки и «накликивание» тормозят бизнес, и как SGRC-подход создает стратегическую безопасность.

因内存和固态硬盘短缺，Valve 将 Steam Machine、Steam Frame 和 Steam Controller 的发售时间从 2026 年第一季度推迟到上半年（实际上就是第二季度）。因 AI 热，内存和固态硬盘供不应求，价格飙升。Valve 表示，不断上涨的零部件价格和有限的供应迫使其重新评估发货计划和定价策略。Valve 此前曾表示，Steam Machine 将定位为入门级 PC。

A vulnerability labeled as problematic has been found in NanoMQ MQTT Broker 0.24.6. Affected by this vulnerability is the function strchr of the component Subscription Handler. Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2025-68699. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Navidrome up to 0.59.x. Affected is an unknown function of the file /rest/getCoverArt. Performing a manipulation of the argument size results in resource consumption. This vulnerability is cataloged as CVE-2026-25579. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that

癌症是全世界疾病和死亡的主因。WHO 国际癌症研究所的研究人员分析了 2022 年 185 个国家 36 种不同癌症的病例数据，纳入了 30 种已知的、可改变的癌症风险因素如吸烟、饮酒和感染，估算了与每种风险因素直接相关的病例比例。研究人员认为逾三分之一新癌症病例是可预防的。2022 年全球新增癌症病例共 1870 万例。其中约 38%（即 710 万例）可归因于可避免因素。吸烟是导致癌症的首因，约占可预防病例的 15%，其次是感染（10%）和饮酒（3%）。肺癌、胃癌和宫颈癌占可预防癌症病例的半数。

省去碎片化信息筛选时间，1篇GET网安厂商近期关键动作！

南京众智维信息科技有限公司宣布完成数千万B2轮融资。