Aggregator

A vulnerability marked as critical has been reported in Canva Affinity. Impacted is an unknown function of the component EMF File Parser. Performing a manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2025-61979. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in Canva Affinity. This issue affects some unknown processing of the component EMF File Parser. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2025-61952. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in Canva Affinity. This vulnerability affects unknown code of the component EMF File Parser. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2025-58427. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in Wazuh up to 4.14.2. This affects an unknown part of the file wdb_delta_event.c of the component Database Synchronization Module. The manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2026-25772. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Canva Affinity. It has been rated as critical. Affected by this issue is some unknown functionality of the component EMF File Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-47873. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in danvei233 xiaoheiFS up to 0.3.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manifest.json of the component ZIP File Parser. Executing a manipulation of the argument binaries can lead to os command injection. This vulnerability is handled as CVE-2026-28673. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in danvei233 xiaoheiFS up to 0.3.x. It has been classified as critical. Affected is an unknown function of the file plugins/payment/ of the component AdminPaymentPluginUpload. Performing a manipulation results in unrestricted upload. This vulnerability is known as CVE-2026-28674. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

嗯，用户让我用中文总结这篇文章，控制在100字以内，而且不需要用“文章内容总结”之类的开头。好的，首先我需要通读整篇文章，抓住主要信息。 文章讲的是伊朗在“跳火节”前加强了互联网限制。Netblocks和Kentik的数据显示，他们限制了本地电信网络的连接，主要是为了遏制VPN的使用。像Rubika这样的消息应用也被断开了。还有“白色SIM卡”也被停用。活动人士认为这是为了防止反政府抗议活动，因为去年这个时候伊朗爆发了抗议。 接下来，我需要把这些信息浓缩到100字以内。要包括时间点（跳火节前）、措施（限制互联网、断开应用、停用SIM卡）、目的（防止抗议）。同时保持语言简洁明了。 可能的结构是：伊朗在跳火节前加强网络监控，限制VPN和应用使用，停用特定SIM卡，以防止反政府抗议。 检查一下是否符合要求：100字以内，直接描述内容，没有多余开头。看起来没问题。 伊朗在“跳火节”前加强网络监控，限制VPN使用并切断消息应用连接，停用部分SIM卡访问权限，以遏制反政府抗议活动。

嗯，用户让我帮忙总结一下这篇文章的内容，控制在100个字以内，而且不需要用“文章内容总结”之类的开头。直接写描述就行。 首先，我需要通读整篇文章，抓住主要信息。文章讲的是一个叫RTL-ML的开源项目，由Trevor Unland提交。这个项目是用机器学习自动识别和分类八种不同的信号类型，运行在低功耗的ARM处理器上，比如Raspberry Pi 5或者Indiedroid Nova，搭配RTL-SDR使用。 文章提到RTL-ML的准确率是87.5%，覆盖了八种实际信号类型，包括ADS-B、NOAA天气卫星、ISM传感器等等。这个工具包是用Python写的，完全开源，代码在GitHub上，训练数据在HuggingFace上分享。 项目提供了一个完整的管道，从信号捕获到训练分类器。和其他依赖合成数据或昂贵GPU的学术方法不同，RTL-ML使用真实信号和边缘硬件，不需要云端依赖。模型大小只有186KB，在Pi 5上处理信号大约需要120毫秒。 GitHub仓库里有完整的捕获和训练脚本、预训练模型、验证过的频谱图以及文档，方便添加新的信号类型。它在Raspberry Pi 5和Indiedroid Nova上都能直接运行。 用户可能对技术细节感兴趣，比如模型的大小、处理速度、支持的硬件等。同时，他们可能也关心项目的开放性和易用性。 总结的时候需要涵盖项目名称、功能、准确率、支持的信号类型、硬件要求以及开源情况。要简洁明了，在100字以内。 所以最终的总结应该包括：RTL-ML是一个开源Python工具包，用于机器学习自动分类无线电信号，在ARM单板计算机和RTL-SDR上运行，准确率87.5%，支持八种实际信号类型。 RTL-ML 是一个开源 Python 工具包，用于通过机器学习自动分类无线电信号。它在 ARM 单板计算机（如 Raspberry Pi 5 或 Indiedroid Nova）和 RTL-SDR 上运行，支持 8 种实际信号类型（如 ADS-B 和 NOAA 天气卫星），准确率高达 87.5%。

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读整篇文章，抓住主要信息。 文章主要讲英特尔推出了新的高端移动处理器，型号是Core Ultra 200HX Plus系列。目标用户是游戏玩家和专业人士。处理器有几款型号，比如9 290HX Plus和7 270HX Plus，带来了性能提升，比如游戏性能提升了8%，单线程提升了7%。还有二进制优化工具，能提升IPC和整体性能。此外，处理器支持Wi-Fi 7、蓝牙5.4和Thunderbolt 5。现在已经上市，有宏碁、华硕等品牌在卖。 接下来，我需要把这些要点浓缩成100字以内。要确保涵盖处理器型号、目标用户、性能提升、优化工具以及支持的技术和上市情况。 可能会这样组织：英特尔推出Core Ultra 200HX Plus系列处理器，面向游戏玩家和专业人士。新处理器提升了游戏和单线程性能，并引入二进制优化工具以增强IPC。支持Wi-Fi 7、蓝牙5.4和Thunderbolt 5。已由宏碁等品牌推出市场。 检查一下字数是否合适，确保信息准确且简洁。 英特尔推出Core Ultra 200HX Plus系列高端移动处理器，面向游戏玩家和专业人士。该系列处理器提升游戏及单线程性能，并引入二进制优化工具以增强IPC。支持Wi-Fi 7、蓝牙5.4及Thunderbolt 5技术，已由宏碁等品牌推出市场。

SUCTF 2026 落幕，恭喜F1ux战队！

A vulnerability was found in Devolutions PowerShell Universal up to 2026.1.3 and classified as critical. This impacts an unknown function of the component gRPC Service. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-4064. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Wazuh up to 4.14.2 and classified as critical. This affects an unknown function of the file /src/analysisd/decoders/security_configuration_assessment.c of the component JSON Handler. This manipulation causes stack-based buffer overflow. This vulnerability appears as CVE-2026-25790. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Wazuh up to 4.14.2. The impacted element is the function generate_keypair of the file middlewares.py of the component API. The manipulation results in resource consumption. This vulnerability is reported as CVE-2026-25771. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM Sterling B2B Integrator and Sterling File Gateway up to 6.1.2.7_2/6.2.0.5_1/6.2.1.1_1/6.2.2.0. The affected element is an unknown function of the component Request Handler. The manipulation leads to denial of service. This vulnerability is documented as CVE-2025-14031. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in LDAPAccountManager lam up to 9.4. Impacted is an unknown function in the library /var/lib/ldap-account-manager/config. Executing a manipulation can lead to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is registered as CVE-2026-27894. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in IBM Sterling B2B Integrator and Sterling File Gateway up to 6.1.2.7_2/6.2.0.5_1/6.2.1.1_1/6.2.2.0. This issue affects some unknown processing. Performing a manipulation results in missing authentication. This vulnerability is cataloged as CVE-2026-1264. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in LDAPAccountManager lam up to 9.4. This vulnerability affects unknown code in the library /var/lib/ldap-account-manager/config. Such manipulation leads to incorrect regular expression. This vulnerability is listed as CVE-2026-27895. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in pyca pyOpenSSL up to 25.x. This affects the function set_cookie_generate_callback of the component Cookie Handler. This manipulation causes buffer overflow. This vulnerability is tracked as CVE-2026-27459. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in pyca pyOpenSSL up to 0.14.0/26.0.0. Affected by this issue is the function set_tlsext_servername_callback. The manipulation results in improper access controls. This vulnerability is identified as CVE-2026-27448. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.