Aggregator

A vulnerability, which was classified as problematic, was found in nimiq core-rs-albatross up to 1.2.x. Affected is the function blockchain.history_store.history_index of the component nimiq Proof-of-Stake Protocol Handler. The manipulation results in unchecked return value. This vulnerability is identified as CVE-2026-35468. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. This vulnerability was named CVE-2026-5526. The attack may be performed from remote. In addition, an exploit is available. Applying restrictive firewalling is recommended.

A vulnerability, which was classified as problematic, has been found in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2026-5527. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to implement restrictive firewalling.

A vulnerability identified as critical has been detected in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. This vulnerability is reported as CVE-2026-5535. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. This vulnerability appears as CVE-2026-5536. The attack may be performed from remote. There is no available exploit. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01 and classified as critical. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-5547. It is possible to launch the attack remotely. No exploit is available. Multiple endpoints might be affected.

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. It has been classified as critical. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-5548. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in util-linux. This vulnerability affects unknown code of the component Hostname Canonicalization. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2026-3184. The attack is only possible within the local network. No exploit exists.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.162/6.6.123/6.12.69/6.18.9. The impacted element is the function smb2_open_file. Performing a manipulation results in memory leak. This vulnerability is cataloged as CVE-2026-23205. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.9. It has been declared as critical. The affected element is the function vlan_for_each of the file net/8021q/vlan_core.c. The manipulation results in reachable assertion. This vulnerability is cataloged as CVE-2026-23203. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.123/6.12.69/6.18.9. It has been declared as critical. This issue affects the function skb_header_pointer_careful of the component cls_u32. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-23204. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9 and classified as critical. This affects the function tegra_qspi_combined_seq_xfer of the component IRQ Handler. Executing a manipulation of the argument curr_xfer can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-23202. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.123/6.12.69/6.18.9. Affected by this vulnerability is the function fib6_add_rt2node of the file net/ipv6/ip6_fib.c of the component ipv6. The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-23200. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.12.69/6.18.9 and classified as critical. Affected by this issue is the function kfree of the component ceph. Performing a manipulation results in denial of service. This vulnerability was named CVE-2026-23201. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.69/6.18.9. Affected by this vulnerability is the function __kernel_read of the component procfs. Such manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2026-23199. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

谷歌、微软公司及xAI已同意向美国政府提供其人工智能模型的早期访问权限，以评估这些系统的能力，并在该技术向公众发布前帮助提升其安全性。根据该机构周二的一份声明，通过这些协议，这些人工智能开发者加入了O

随着大模型产业化落地加速，AI安全已从学术研究场景，转化为企业安全建设、红队攻防测试的核心刚需场景。