Aggregator

A vulnerability was found in Sylius up to 2.0.15/2.1.11/2.2.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/v2/shop/orders/{tokenValue}/items of the component Endpoint. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-31821. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in django-commons django-unicorn up to 0.66.x. It has been declared as critical. This vulnerability affects unknown code. Executing a manipulation can lead to improper access controls. This vulnerability appears as CVE-2026-31815. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Sylius up to 2.2.2 and classified as problematic. This issue affects the function CurrencySwitchController::switchAction/ImpersonateUserController::impersonateAction/StorageBasedLocaleSwitcher. Executing a manipulation can lead to open redirect. This vulnerability is registered as CVE-2026-31819. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Sylius up to 2.0.15/2.1.11/2.2.2. It has been classified as problematic. This affects an unknown function of the component Message Handler. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-31822. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Sylius up to 2.0.15/2.1.11/2.2.2. It has been declared as problematic. This impacts the function rowRenderer of the file shared/breadcrumbs.html.twig. Such manipulation of the argument label leads to cross site scripting. This vulnerability is documented as CVE-2026-31823. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读整篇文章，抓住主要信息。 文章主要讲的是“十五五”规划中网络安全的内容。规划提升了网络安全的战略地位，从之前的社会治理和技术问题上升到国家安全战略的核心要素。具体措施包括制度建设、能力建设、综合治理、技术防护和国际合作。同时，规划强调主动防御和体系化构建，并指出政府和企事业单位需要应对合规性提升、新技术风险等挑战。 接下来，我需要将这些要点浓缩成一段话，确保不超过100字，并且直接描述内容，不使用“总结”或“这篇文章”这样的开头。 可能的结构是：首先提到规划的提升，然后概述主要措施和核心任务，最后点出对政府和企业的挑战。 检查一下字数是否合适，确保信息准确且简洁。 "十五五"规划提升网络安全战略地位至国家安全核心要素，独立成节并纳入经济安全更高层面。规划强调构建全面主动的防御体系，涵盖制度、能力、治理、技术防护及国际合作，并要求政府和企事业单位应对合规性提升、主动防御不足及新技术风险等挑战。

Microsoft has announced a two-phase plan to disable the hands-free deployment feature in Windows Deployment Services (WDS) following the discovery of a critical remote code execution (RCE) vulnerability tracked as CVE-2026-0386. The flaw, rooted in improper access control, allows an unauthenticated attacker on an adjacent network to intercept sensitive configuration files and execute arbitrary code […]

The post Microsoft to Block Windows 11 and Server 2025 Automated Installation After Critical RCE Vulnerability appeared first on Cyber Security News.

A vulnerability classified as critical was found in Linux Kernel up to 6.14.3/6.15-rc2. This issue affects the function dpu_plane_virtual_atomic_check. Executing a manipulation can lead to null pointer dereference. This vulnerability appears as CVE-2025-37783. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.87/6.12.24/6.14.3/6.15-rc2. Affected by this vulnerability is the function icss_iep_exit of the component net. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-37784. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.87/6.12.24/6.14.3/6.15-rc2 and classified as critical. Impacted is the function dsa_tree_setup. The manipulation results in use after free. This vulnerability was named CVE-2025-37786. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability classified as problematic was found in Linux Kernel up to 6.14.3/6.15-rc2. Affected by this issue is some unknown functionality of the component iov_iter. Such manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2025-37779. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.3/6.15-rc2. Affected is the function smb2_sess_setup of the component ksmbd. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-37778. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.3/6.15-rc2. Affected by this vulnerability is an unknown functionality of the component i2c. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2025-37781. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.3/6.15-rc2 and classified as problematic. This issue affects the function handle_to_path of the component isofs. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-37780. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.87/6.12.24/6.14.3/6.15-rc2. This impacts the function smb_break_all_levII_oplock of the component ksmbd. This manipulation causes use after free. This vulnerability is registered as CVE-2025-37776. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.14.3/6.15-rc2. This vulnerability affects the function __smb2_lease_break_noti of the component Ksmbd. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2025-37777. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 波兰国家核研究中心（NCBJ）表示，其信息技术基础设施遭到黑客攻击，但在造成任何影响前就已被检测并拦截。 该机构本周在一份声明中宣布，其用于及早发现威胁的安全系统和内部流程，成功阻止了系统被入侵，并让信息技术人员迅速加固了受攻击目标。 波兰国家核研究中心称：“得益于安全系统与相关流程在此次事件中的快速高效运行，以及团队的迅速响应，攻击被成功挫败，系统完整性未受破坏。” 波兰国家核研究中心是该国主要的政府核科研机构，专注于核物理、反应堆技术、粒子物理和辐射应用领域，为波兰核电项目提供技术与科研支持。 该机构还运营着波兰唯一一座用于科研实验、中子研究及医用同位素生产的玛丽亚（MARIA）核反应堆，此反应堆不用于发电。 波兰国家核研究中心主任雅各布・库佩茨基教授表示，此次网络安全事件未影响玛丽亚反应堆的运行，反应堆仍以满功率安全稳定运转。 该机构已通报波兰相关部门并启动调查，同时内部安全团队已进入高度戒备状态，以应对任何新的威胁。 尽管该机构未将此次攻击归咎于任何特定黑客组织或国家，但路透社报道称，波兰当局发现伊朗可能是此次网络攻击的幕后方。不过调查人员仍持谨慎态度，因为这些迹象有可能是虚假旗标行动（故意嫁祸）。 本月早些时候，波兰国防部长弗拉迪斯拉夫・科希尼亚克 – 卡米什表示，波兰并未参与中东冲突。 今年 1 月有消息披露，波兰电网 —— 尤其是多个分布式能源资源站点、热电联产设施、风电与光伏调度系统 —— 曾遭到俄罗斯黑客组织 APT44（“沙虫”）的攻击。 2 月底，国际气候与环境研究中心（ICCT）的一份报告将波兰列为俄罗斯网络行动的重点目标之一：2025 年年中至 2026 年年初，已有31 起确认为俄罗斯方面发起的网络事件。 消息来源：bleepingcomputer.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

嗯，用户让我帮他总结一篇文章，控制在100字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。首先，我需要理解用户的需求。他可能是在阅读一篇关于错误代码521的文章，想要一个简洁的总结。 接下来，我得分析文章内容。错误代码521通常与Cloudflare有关，可能涉及到网络连接问题、服务器配置错误或者DNS设置问题。常见的解决方法包括检查网络连接、清除缓存、联系网站管理员或者检查DNS设置是否正确。 然后，我要确保总结的内容准确且简洁。控制在100字以内，所以需要精炼语言，涵盖主要问题和解决方法。同时，避免使用复杂的术语，让用户容易理解。 最后，检查一下是否符合用户的要求：直接描述，没有开头用语，并且在字数限制内。这样用户就能快速了解文章的主要内容和解决办法了。 文章介绍了错误代码521的原因及其解决方案。该错误通常由Cloudflare引起，可能与网络连接问题、服务器配置错误或DNS设置不当有关。常见解决方法包括检查网络连接、清除浏览器缓存、联系网站管理员或调整DNS设置以恢复正常访问。

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”之类的开头。直接写描述就行。那我得先仔细看看文章内容。 文章主要讲的是智谱推出了GLM-5-Turbo模型，这个模型是针对OpenClaw工作流优化的。从训练数据到优化目标都是基于真实世界的智能体工作流程，这样模型就能执行复杂、动态、长链任务了。现在这个模型可以在GLM编程套餐、API或者OpenRouter等平台上调用，价格方面百万输入0.96美元，输出3.2美元，缓存0.192美元。 用户的需求是希望得到一个简洁的总结，所以我要抓住关键点：模型名称、优化目标、功能特点以及价格信息。同时要注意字数限制在100字以内。 我需要把这些信息浓缩成一句话或者几句话，确保涵盖主要信息。比如：智谱推出GLM-5-Turbo模型，针对OpenClaw优化，支持复杂任务执行，提供高吞吐量和稳定性，并且价格透明。 这样既涵盖了模型的名称和优化方向，又提到了它的功能和价格优势。看起来符合用户的要求。 智谱推出GLM-5-Turbo模型，专为OpenClaw工作流优化设计，支持复杂、动态、长链任务执行，并增强工具调用、指令分解及持久化任务能力。该模型可通过API或OpenRouter等平台调用，提供高吞吐量和稳定性。