A vulnerability described as critical has been identified in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow.
This vulnerability is identified as CVE-2026-5629. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability marked as critical has been reported in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow.
This vulnerability is referenced as CVE-2026-5628. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 2025.
The Solana-based decentralized exchange described it as "an attack six months in the
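Users of AI tools can generally be divided into two groups: those who treat AI as a powerful but fallible service that needs careful human oversight and review to catch errors of reasoning or fact, and those who treat AI as all-knowing, a group referred to as "cognitive surrenderers". Researchers at the Wharton School of the University of Pennsylvania, after studying 1,372 participants across more than 9,500 trials, found that participants were willing to accept the AI's faulty reasoning in as many as 73.2% of cases and overturned it in only 19.7% of cases. The researchers said the result "shows that people readily incorporate AI-generated output into their decision-making, usually with almost no resistance or skepticism", and that "fluent, confident output is treated as epistemically authoritative, which lowers the threshold for scrutiny and weakens the metacognitive signals that would normally prompt people to deliberate". They found that people inclined to treat AI as an authority were more easily misled by wrong answers the AI provided.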
A vulnerability labeled as problematic has been found in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross-site scripting.
The identification of this vulnerability is CVE-2026-5625. The attack may be launched remotely. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability identified as problematic has been detected in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery.
This vulnerability was named CVE-2026-5624. The attack may be initiated remotely. In addition, an exploit is available.
You should upgrade the affected component.