Aggregator

A vulnerability described as critical has been identified in chainguard-dev malcontent up to 1.20.2. This issue affects the function handleSymlink of the component Tar Handler. The manipulation results in path traversal. This vulnerability is identified as CVE-2026-24846. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in sharpred deepHas up to 1.0.6. Impacted is an unknown function of the component Global Object Handler. The manipulation results in improperly controlled modification of object prototype attributes. This vulnerability was named CVE-2026-25047. The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.

Submit #741283 / VDB-343482

Submit #741281 / VDB-343481

Windows 11 的用户数突破了 10 亿，但微软也承认 Windows 11 存在信任问题，表示 2026 年将集中精力解决该问题。Windows 和设备部门总裁 Pavan Davuluri 表示该公司从用户和 Windows Insiders 测试者收到了明确的反馈，需要以对用户真正有意义的方式改进 Windows，该公司计划 2026 年重点解决包括系统性能、可靠性和整体用户体验在内的痛点。微软一月例行安全更新导致了一系列严重问题，以及 Windows 11 出现太多的广告都招致了用户不满。

A vulnerability has been found in Totolink A3600R 5.9c.4959 and classified as critical. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. This vulnerability is cataloged as CVE-2026-1686. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is listed as CVE-2026-1685. The attack may be performed from remote. In addition, an exploit is available.

В США завершилось следствие по делу крупнейшего даркнет-рынка.

A vulnerability, which was classified as problematic, has been found in llamastack Llama Stack up to 0.4.0rc2. This affects an unknown part of the component pgvector Password Handler. This manipulation causes sensitive information in log files. This vulnerability is tracked as CVE-2026-25211. The attack is restricted to local execution. No exploit exists. It is advisable to upgrade the affected component.

Submit #740888 / VDB-343480

A vulnerability classified as problematic was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. This vulnerability is identified as CVE-2026-1684. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.

Submit #740886 / VDB-343479

A vulnerability classified as problematic has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-1683. Remote exploitation of the attack is possible. Furthermore, an exploit is available. To fix this issue, it is recommended to deploy a patch.

A vulnerability described as problematic has been identified in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-1682. The attack may be launched remotely. Furthermore, there is an exploit available. A patch should be applied to remediate this issue.

A vulnerability identified as critical has been detected in pwncollege dojo. This impacts an unknown function of the file /workspace/. This manipulation causes permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2026-25117. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability categorized as critical has been discovered in polarnl PolarLearn. This affects the function votes_data of the file /api/v1/forum/vote of the component Vote API. The manipulation of the argument direction results in improper input validation. This vulnerability was named CVE-2026-25126. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

Submit #739656 / VDB-343477

Submit #739655 / VDB-343477

Submit #739654 / VDB-343476

Submit #739653 / VDB-343476