Aggregator

CVE-2026-33036 | NaturalIntelligence fast-xml-parser up to 5.5.5 replaceEntitiesValue xml entity expansion (Nessus ID 303270)

Vuldb Updates
3 days 21 hours ago
A vulnerability identified as problematic has been detected in NaturalIntelligence fast-xml-parser up to 5.5.5. Affected is the function replaceEntitiesValue. Performing a manipulation results in xml entity expansion. This vulnerability is identified as CVE-2026-33036. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-33055 | alexcrichton tar-rs up to 0.4.44 type confusion (GHSA-gchp-q4r4-x4ff / Nessus ID 303274)

Vuldb Updates
3 days 21 hours ago
A vulnerability classified as critical has been found in alexcrichton tar-rs up to 0.4.44. This impacts an unknown function. Performing a manipulation results in type confusion. This vulnerability is reported as CVE-2026-33055. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-33165 | strukturag libde265 up to 1.0.16 Image Parser ctb_info.log2unitSize PicWidthInCtbsY/PicHeightInCtbsY out-of-bounds write (GHSA-653q-9f73-8hvg / EUVD-2026-13812)

Vuldb Updates
3 days 21 hours ago
A vulnerability labeled as critical has been found in strukturag libde265 up to 1.0.16. This vulnerability affects the function ctb_info.log2unitSize of the component Image Parser. Such manipulation of the argument PicWidthInCtbsY/PicHeightInCtbsY leads to out-of-bounds write. This vulnerability is traded as CVE-2026-33165. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-33164 | strukturag libde265 up to 1.0.16 set_derived_values heap-based overflow (GHSA-wqrf-6rf5-v78r / EUVD-2026-13810)

Vuldb Updates
3 days 21 hours ago
A vulnerability described as critical has been identified in strukturag libde265 up to 1.0.16. Impacted is the function pic_parameter_set::set_derived_values. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is handled as CVE-2026-33164. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-33150 | libfuse up to 3.18.1 FUSE File Parser fuse_uring_start use after free (GHSA-qxv7-xrc2-qmfx / EUVD-2026-13786)

Vuldb Updates
3 days 21 hours ago
A vulnerability classified as critical was found in libfuse up to 3.18.1. The impacted element is the function fuse_uring_start of the component FUSE File Parser. The manipulation results in use after free. This vulnerability was named CVE-2026-33150. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2026-32711 | pydicom up to 3.0.1 DICOM File Parser path traversal (GHSA-v856-2rf8-9f28 / Nessus ID 303276)

Vuldb Updates
3 days 21 hours ago
A vulnerability classified as critical was found in pydicom up to 3.0.1. This impacts an unknown function of the component DICOM File Parser. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2026-32711. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-62215 | Microsoft Windows up to Server 2025 Kernel race condition (EUVD-2025-93397 / WID-SEC-2025-2564)

Vuldb Updates
3 days 21 hours ago
A vulnerability classified as critical was found in Microsoft Windows. Impacted is an unknown function of the component Kernel. Executing a manipulation can lead to race condition. This vulnerability is handled as CVE-2025-62215. It is possible to launch the attack on the local host. Additionally, an exploit exists. It is advisable to implement a patch to correct this issue.
vuldb.com

India needs a shared, open-source malicious link detection API — and we need it yesterday

不安全
3 days 22 hours ago
好的,我现在需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,理解其主要观点。 文章开头提到2024年印度因网络诈骗损失了22845亿卢比,比前一年增加了206%。这说明问题非常严重。接着,作者赞扬了CERT-In等团队的努力,并指出问题不是因为他们的不尽力,而是现有的结构无法应对问题。 然后,文章描述了恶意链接在不同平台上传播的情况,比如WhatsApp、Instagram和X(推特)等,导致普通用户如祖母点击后损失积蓄。这表明问题的实际影响很大。 作者分析了根本原因:各个平台各自运行检测系统,不共享情报,导致恶意链接在不同平台之间传播延迟。再加上AI生成的钓鱼链接难以辨别,情况更加恶化。 解决方案是建立一个开源的恶意链接检测API,由CERT-In、Meta、Google、X等共同维护,实现统一的威胁情报层和实时响应。作者认为现有的机构框架存在,但缺乏技术标准。 最后,作者呼吁开发者和政策制定者合作,并询问是否有类似项目在进行中以及可能的障碍。 总结时需要涵盖关键点:网络诈骗损失增加、现有结构的问题、平台间缺乏合作、AI带来的挑战、提出的解决方案以及呼吁合作。控制在100字以内,直接描述内容。 印度2024年网络诈骗损失达2.28万亿卢比,同比增长206%。现有平台间检测系统孤立,情报不共享,导致恶意链接传播延迟。AI生成钓鱼链接加剧风险。建议建立开源统一检测API,由CERT-In等共同维护,实现实时同步响应,提升整体网络安全水平。

CVE-2026-22321 | Phoenix Contact FL SWITCH 2005 up to 3.52 Telnet/SSH stack-based overflow (VDE-2025-104 / EUVD-2026-12790)

Vuldb Updates
3 days 22 hours ago
A vulnerability, which was classified as critical, was found in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. The affected element is an unknown function of the component Telnet/SSH. Such manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-22321. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-22319 | Phoenix Contact FL SWITCH 2005 up to 3.52 POST Parameter stack-based overflow (VDE-2025-104 / EUVD-2026-12788)

Vuldb Updates
3 days 22 hours ago
A vulnerability was found in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. It has been classified as critical. This impacts an unknown function of the component POST Parameter Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-22319. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

Managed ad