Aggregator

美国电动汽车制造商Rivian CEO RJ·斯卡林奇周二在接受采访时表示，公司正在考虑自行生产激光雷达传感器，并可能与中国企业合作推进这一计划。公司不会直接从中国供应商采购，而是考虑利用中国技术在美

As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.

A vulnerability classified as problematic has been found in GNU C Library up to 2.33. This impacts the function ns_printrrf/ns_printrr/fp_nquery of the component DNS Response Handler. This manipulation causes buffer over-read. This vulnerability is registered as CVE-2026-6238. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apache Thrift up to 0.22.x. Impacted is an unknown function of the file TSSLTransportFactory.java. Executing a manipulation can lead to certificate with host mismatch. This vulnerability is tracked as CVE-2026-43869. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability has been found in Apache HTTP Server 2.4.66 and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTTP2 Handler. The manipulation leads to double free. This vulnerability is referenced as CVE-2026-23918. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Оказалось, что последние 19 лет любой желающий мог сделать то же самое.

A vulnerability classified as problematic has been found in lxc up to 6.x. This issue affects the function find_line. This manipulation causes incorrect authorization. This vulnerability is registered as CVE-2026-39402. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in langgenius dify up to 1.13.x. The affected element is an unknown function. Performing a manipulation results in authorization bypass. This vulnerability is reported as CVE-2026-41950. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in io.quarkus:quarkus-vertx-http. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/admin of the component HTTP Request Handler. Executing a manipulation can lead to authorization bypass. This vulnerability appears as CVE-2026-39852. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as problematic was found in pi-hole FTL up to 6.6.0. Impacted is an unknown function of the file /etc/pihole/pihole.toml of the component Configuration API. Such manipulation leads to crlf injection. This vulnerability is documented as CVE-2026-39849. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Anthropic claude-code up to 2.1.83. The impacted element is an unknown function of the file claude/settings.json. Executing a manipulation can lead to command injection. This vulnerability appears as CVE-2026-40068. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability identified as critical has been detected in OpenMRS up to 2.7.8/2.8.5. Affected by this vulnerability is the function getFile of the file /openmrs/moduleResources/ of the component ModuleResourcesServlet. Performing a manipulation results in path traversal. This vulnerability is identified as CVE-2026-40075. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in jupyter-server jupyter_server up to 2.17.0. Affected by this issue is the function re.match of the component Jupyter Server API. Executing a manipulation can lead to regular expression without anchors. This vulnerability is tracked as CVE-2026-40110. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

Anthropic的CEO达里奥·阿莫代伊周二表示：“中国AI可能在6～12个月后追赶上新型AI模型‘Mythos’的性能。Anthropic当天在位于美国东部的纽约市面向金融行业举办了一场活动，阿莫

A CVSS score 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Alex Williams from Pellera Technologies' was reported to the affected vendor on: 2026-05-06, 9 days ago. The vendor is given until 2026-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Alex Williams from Pellera Technologies' was reported to the affected vendor on: 2026-05-06, 9 days ago. The vendor is given until 2026-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Syed Ibrahim Ahmed of TrendAI Research, Sean Shekhtman (@sheep_trend) of TrendAI Research, and Jacky Yang of TrendAI Research' was reported to the affected vendor on: 2026-05-06, 9 days ago. The vendor is given until 2026-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Dvir Gozlan' was reported to the affected vendor on: 2026-05-06, 9 days ago. The vendor is given until 2026-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

The following is a guest post submitted by Matt Larson.The post explains how Matt Larson set u