Aggregator

Flickr начал расследование из-за уязвимости в системе почтовых рассылок.

近日，广州锦行网络科技有限公司在网络安全领域的突出贡献，接连获得来自政府主管部门与行业协会的高度肯定

SmarterMail 身份认证绕过漏洞复现

Currently trending CVE - Hype Score: 1 - IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.

Currently trending CVE - Hype Score: 4 - An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

Currently trending CVE - Hype Score: 1 - A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and ...

Currently trending CVE - Hype Score: 10 - An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting ...

SmarterTools раскрыла подробности взлома своей инфраструктуры группировкой Warlock Group.

LineageOS 23.2 释出。主要变化包括：支持 Material 3 Expressive 视觉风格，支持完全自定义快速设置面板，扩展深色主题，更强大的私人空间文件管理工具等等。开发者称，Android 开源项目 AOSP 过去几年的发布节奏转向了季度发布，而 Google 最近宣布从季度发布转向半年发布一次，LineageOS 项目也将采用六个月的发布节奏。

A vulnerability was found in GIGABYTE MacroHub up to 2.3.1 and classified as critical. This issue affects some unknown processing. The manipulation results in execution with unnecessary privileges. This vulnerability is cataloged as CVE-2026-0870. The attack must be initiated from a local position. There is no exploit available.

A vulnerability has been found in GitLab AI Gateway up to 18.6.1/18.7.0/18.8.0 and classified as critical. This vulnerability affects unknown code of the component Duo Workflow Service. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is listed as CVE-2026-1868. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Apache Shiro up to 2.0.6. This affects an unknown part. Executing a manipulation can lead to authorization bypass. This vulnerability is tracked as CVE-2026-23903. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apache Shiro up to 2.0.6. Affected by this issue is some unknown functionality. Performing a manipulation results in observable timing discrepancy. This vulnerability is identified as CVE-2026-23901. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in jsonpath. Affected by this vulnerability is an unknown functionality. Such manipulation leads to code injection. This vulnerability is referenced as CVE-2026-1615. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in Eaton Network M3 up to 2.3.2. Affected is an unknown function of the component Firmware Upgrade Handler. This manipulation causes improper certificate validation. The identification of this vulnerability is CVE-2026-22613. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Yokogawa Electric FAST TOOLS up to R10.04. This impacts an unknown function. The manipulation results in cross-site request forgery. This vulnerability was named CVE-2025-66595. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Yokogawa Electric FAST TOOLS up to R10.04. This affects an unknown function. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is uniquely identified as CVE-2025-66599. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Yokogawa Electric FAST TOOLS up to R10.04. The impacted element is an unknown function of the component SSL/TLS. Executing a manipulation can lead to risky cryptographic algorithm. This vulnerability is handled as CVE-2025-66598. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Yokogawa Electric FAST TOOLS up to R10.04. The affected element is an unknown function of the component Request Header Handler. Performing a manipulation results in open redirect. This vulnerability is known as CVE-2025-66596. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

在2025年的美国，一场由特朗普亲手掀起的美国情报界“瘦身”风暴，正以前所未有的力度席卷而来。当资深情报高官