Aggregator

黑客利用运行 KnowledgeDeliver 学习管理系统（LMS）的服务器中的一个关键零日漏洞，部署了 Godzilla Web Shell。 该缺陷是一个反序列化问题，被追踪为 CVE-2026-5426，可在无需身份验证的情况下被利用。其根源在于所有 KnowledgeDeliver 客户部署的 Web 门户配置中使用了共享的硬编码机器密钥（machine key）。 ViewS...

SonicWall Gen6系列SSL-VPN设备存在关键身份验证绕过漏洞CVE-2024-12802（CVSS 9.1），该漏洞自2026年2月起被Akira勒索软件即服务组织积极利用。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

DataCon致力于打造一场“产学研”深度融合的巅峰盛宴。

error code: 1003

Check Point 报告显示，被追踪为 Nimbus Manticore 的伊朗 APT 在针对航空和软件公司的新一轮入侵中采用了新战术，并更新了其武器库。该组织也被称为 Bohrium、Smoke Sandstorm、TA455 和 UNC1549，至少从 2022 年开始活跃，被认为是 Charming Kitten（APT35）的一个子组织，与伊朗伊斯兰革命卫队（IR...

A vulnerability classified as critical was found in prompts.chat. This issue affects some unknown processing of the component Authorization Header Handler. The manipulation of the argument token results in server-side request forgery. This vulnerability is cataloged as CVE-2026-22664. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability was found in Like Plugin 3.0.0 on MyBB. It has been classified as problematic. Affected by this issue is some unknown functionality of the component Post Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2018-25247. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in OCS Inventory NG Server up to 2.12.3. It has been classified as problematic. This issue affects some unknown processing of the file /ocsinventory of the component HTTP Header Handler. Performing a manipulation of the argument User-Agent results in cross site scripting. This vulnerability is cataloged as CVE-2026-22675. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability was found in Google Chrome. It has been declared as critical. This issue affects some unknown processing of the component WebRTC. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2026-5860. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Google Chrome on macOS. Affected is an unknown function of the component ANGLE. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2026-5879. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in Apache Tomcat up to 9.0.116/10.1.53/11.0.20. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing encryption of sensitive data. This vulnerability is referenced as CVE-2026-34486. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in NASM Netwide Assembler 3.02rc5. This impacts the function depend_file. Such manipulation leads to use after free. This vulnerability is documented as CVE-2026-6068. The attack needs to be performed locally. There is not any exploit available.

A vulnerability was found in Microsoft Windows. It has been classified as critical. The impacted element is an unknown function of the component Remote Desktop. This manipulation causes insufficient ui warning of dangerous operations. This vulnerability is tracked as CVE-2026-26151. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Google Chrome. Affected by this issue is some unknown functionality of the component WebML. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-5867. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component V8. The manipulation leads to type confusion. This vulnerability is documented as CVE-2026-5865. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in prompts.chat. This vulnerability affects unknown code of the component Username Handler. The manipulation leads to improper handling of case sensitivity. This vulnerability is listed as CVE-2026-22665. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

error code: 1003

数据泄露通知网站 HaveIBeenPwned 报告称，便利店连锁巨头 7-Eleven 在 4 月中旬遭受的数据泄露事件可能影响超过 18.5 万人。 7-Eleven 在本月初向缅因州总检察长办公室提交的数据泄露通知中表示，该事件发生于 4 月 8 日，涉及包含特许经营文件的系统。7-Eleven 表示，攻击中可能被盗了姓名和地址等个人信息，但未披露可能受影响的个人数量。 4 月中旬，臭名昭著...

Currently trending CVE - Hype Score: 4 - Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.