Aggregator

Submit #754495 / VDB-344981

Submit #753156 / VDB-344980

Submit #753155 / VDB-344979

上周关注度较高的产品安全漏洞（20260202-20260208)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞637个，其中高危漏洞357个、中危漏洞244个、低危漏洞36个。

В США раскрыли прокси-сеть, которую почти невозможно заблокировать.

A vulnerability has been found in pydantic pydantic-ai and classified as critical. The affected element is an unknown function of the component Localhost Interface. This manipulation causes server-side request forgery. This vulnerability is tracked as CVE-2026-25904. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in mcp-run-python. Impacted is the function runPython/runPythonAsync of the component Pyodide API. The manipulation results in improper isolation or compartmentalization. This vulnerability is identified as CVE-2026-25905. The attack can be executed remotely. There is not any exploit available.

XSAST GO 发布

SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack

全国商户的电子支付服务大面积中断，只能接受现金支付

Кто такие хакеры в 2026 году и почему одного слова недостаточно.

Завершено расследование дела о международной сети аферистов, работавшей более семи лет.

春节期间火绒将持续为您护航

火绒终端安全管理系统V2.0与麒麟软件有限公司的银河麒麟桌面操作系统V11完成了全面适配认证

A vulnerability, which was classified as problematic, has been found in Zirve Information e-Taxpayer Accounting Website up to 07082025. This issue affects some unknown processing. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-7799. Remote exploitation of the attack is possible. No exploit is available.

CISA has issued a new directive requiring federal agencies to decommission all end of support edge devices within 12 months to reduce ongoing exploitation risks