Aggregator

A vulnerability classified as critical was found in NatroTeam NatroMacro up to 1.0.x. This affects an unknown function. Such manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2026-28801. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in pjsip pjproject up to 2.16. This impacts an unknown function of the file evsub.c. Performing a manipulation results in use after free. This vulnerability was named CVE-2026-28799. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in cocoindex-io cocoindex up to 0.3.33. It has been classified as critical. This affects an unknown part. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-28438. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in dgtlmoon changedetection.io up to 0.54.3. The impacted element is an unknown function of the file /rss/tag/ of the component HTTP Response Handler. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-29038. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in KAZEBURO Plack::Middleware::Session::Simple up to 0.04 on Perl and classified as problematic. This affects the function rand of the component Default Session ID Generator. Such manipulation leads to generation of predictable numbers or identifiers. This vulnerability is traded as CVE-2025-40926. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in dgtlmoon changedetection.io up to 0.54.3 and classified as critical. Affected by this vulnerability is the function unparsed-text of the component XPath Expression Handler. The manipulation of the argument include_filters leads to code injection. This vulnerability is referenced as CVE-2026-29039. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Nuclio up to 1.15.19. It has been rated as critical. This issue affects some unknown processing. Performing a manipulation results in failure to sanitize special elements into a different plane (special element injection). This vulnerability is cataloged as CVE-2026-29042. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability marked as problematic has been reported in py-pdf pypdf up to 6.7.4. Impacted is an unknown function. The manipulation of the argument ASCIIHexDecode leads to inefficient algorithmic complexity. This vulnerability is traded as CVE-2026-28804. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in GPAC up to 26.02.0. It has been rated as critical. Affected by this issue is the function strcpy of the file src/filters/dmx_nhml.c of the component NHML File Parser. Performing a manipulation of the argument xmlHeaderEnd results in stack-based buffer overflow. This vulnerability is known as CVE-2026-27821. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.

嗯，用户让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头，直接写描述。好的，我先看看用户提供的文章内容。 这篇文章看起来是关于一个播客的第458期内容。播客的名字是“Smashing Security”，主持人是Graham Cluley，还有特别嘉宾Tricia Howard。内容里提到了几个主要事件：Wikipedia被一个JavaScript蠕虫攻击，导致页面被涂鸦；一个加密货币承包商偷了4600万美元然后在Telegram上炫耀；还有一些其他的小故事，比如Graham推荐Asterix，Trisha发现了Robin Hobb的小说，还有一个人叫“Lick”被抓了。 所以，我需要把这些关键点浓缩到100字以内。首先确定主要事件：Wikipedia被攻击、加密货币盗窃、还有其他有趣的故事。然后把这些点连贯地表达出来。 可能的结构是：播客第458期讲述了Wikipedia被JavaScript蠕虫攻击、加密货币承包商窃取4600万美元以及一些趣闻轶事。这样既涵盖了主要内容，又简洁明了。 检查一下字数是否符合要求。嗯，大概在100字以内了。再看看有没有更简练的表达方式，比如把“加密货币承包商”简化为“承包商”，但可能不够明确。还是保持原样比较好。 最后确认一下有没有遗漏的重要信息，比如特别嘉宾Tricia Howard和主持人Graham Cluley的名字是否需要提及？根据用户的要求，主要是总结内容，所以可能不需要提到他们名字。 综上所述，总结应该是：播客第458期讲述了Wikipedia被JavaScript蠕虫攻击、加密货币承包商窃取4600万美元以及一些趣闻轶事。 播客第458期讲述了Wikipedia被JavaScript蠕虫攻击、加密货币承包商窃取4600万美元以及一些趣闻轶事。

2025年度全球APT威胁研究报告

围绕大模型的攻击已经形成独有体系

硬币两面

A vulnerability marked as critical has been reported in WellChoose Single Sign-On Portal System. The affected element is an unknown function. Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-1427. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in WellChoose Single Sign-On Portal System. The impacted element is an unknown function. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-1429. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in WellChoose Single Sign-On Portal System. This affects an unknown function. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-1428. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in TP-Link Omada Controller up to 5.x. Affected is an unknown function of the component Session Token Handler. Such manipulation leads to insufficiently protected credentials. This vulnerability is uniquely identified as CVE-2025-9521. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in TP-Link Omada Controller up to 5.x. It has been classified as critical. The impacted element is an unknown function. Performing a manipulation results in server-side request forgery. This vulnerability is identified as CVE-2025-9522. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability described as problematic has been identified in TP-Link Omada Controller up to 5.x. This vulnerability affects unknown code. Executing a manipulation can lead to authorization bypass. This vulnerability appears as CVE-2025-9520. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.