Aggregator

Apache ActiveMQ CVE-2026-34197 Jolokia 远程代码执行漏洞分析

Resetting a password doesn't always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep attackers authenticated after a reset. [...]

Список жертв растёт быстрее официальных заплаток.

A vulnerability has been found in Wireshark up to 4.4.14/4.6.4 and classified as problematic. This issue affects some unknown processing of the component iLBC Codec. This manipulation causes double free. This vulnerability is registered as CVE-2026-5657. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.18.28/7.0.5/7.1-rc2. Affected by this vulnerability is the function rxrpc_input_call_event of the component rxrpc. Such manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2026-43500. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability described as problematic has been identified in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. This vulnerability affects the function urldecode. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-7258. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5 and classified as problematic. The affected element is an unknown function of the component SOAP Server Handler. The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-7262. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. Affected is the function metaphone of the file ext/standard/metaphone.c. Executing a manipulation can lead to integer overflow. This vulnerability is tracked as CVE-2026-7568. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

Submit #811314 / VDB-362608

Submit #811303 / VDB-362607

A vulnerability marked as critical has been reported in Apple iOS and iPadOS up to 15.4.1. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2022-26719. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Apple Safari up to 15.4. This affects an unknown part of the component WebKit. The manipulation results in memory corruption. This vulnerability is known as CVE-2022-26719. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Apple iTunes up to 12.12.3. This issue affects some unknown processing of the component WebKit. The manipulation leads to use after free. This vulnerability is documented as CVE-2022-26717. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Apple tvOS up to 15.4.1 and classified as critical. The impacted element is an unknown function of the component WebKit. This manipulation causes use after free. The identification of this vulnerability is CVE-2022-26717. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in Apple macOS up to 12.3. This affects an unknown function of the component WebKit. Such manipulation leads to use after free. This vulnerability is documented as CVE-2022-26717. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

Anthropic 上个月宣布的新 AI 模型 Mythos 引发了媒体的广泛关注，它宣传 Mythos 能极其精确的发现源代码中的安全漏洞。它的识别能力如此强大以至于 Anthropic 暂不向公众发布该模型，而是先提供给少数几家公司，以便于它们能优先解决其发现的安全漏洞。curl 维护者 Daniel Stenberg 认为这是一次极其成功的营销噱头。curl 是广泛使用的开源项目，因此他获得了 Mythos 的访问权限。curl 目前包含了 17.6 万行 C 代码，共 66 万个单词。Mythos 最终返回了一份安全报告，声称确认了五个安全漏洞。但 curl 的安全团队在仔细检查后发现其中 3 个是误报，1 个是 Bug，还有 1 个是低危级别的安全漏洞，将会在下个月释出的版本中修复。安全报告还详细纪录了约 20 个 bug，基本上都是正确的。Stenberg 表示他没有看到任何证据表明 Mythos 在发现安全漏洞上比之前的其它工具更胜一筹，Mythos 可能略好一点，但不足以对代码分析产生显著影响。

Submit #811274 / VDB-362606

Submit #811273 / VDB-362605

Romanian national Gavril Sandu faces up to 30 years in a US prison after extradition over a VOIP vishing and fake debit card fraud scheme.