Aggregator

CVE-2026-42051 | getkirby up to 4.8.x/5.3.x API Endpoint authorization (GHSA-x68m-c7jf-2572)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in getkirby kirby up to 4.8.x/5.3.x. It has been declared as problematic. The affected element is an unknown function of the component API Endpoint. Executing a manipulation can lead to missing authorization. This vulnerability appears as CVE-2026-42051. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-42454 | Termix-SSH Termix up to 2.0.x WebSocket Message ssh2.Client.exec os command injection (GHSA-c2g2-hqgq-6w9v)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in Termix-SSH Termix up to 2.0.x. It has been classified as critical. Impacted is the function ssh2.Client.exec of the component WebSocket Message Handler. Performing a manipulation results in os command injection. This vulnerability is reported as CVE-2026-42454. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-42461 | getarcaneapp arcane up to 1.17.x redirect.util.ts authorization (GHSA-cxx3-hr75-4q96)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in getarcaneapp arcane up to 1.17.x and classified as problematic. This issue affects some unknown processing in the library frontend/src/lib/utils/redirect.util.ts. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-42461. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-42301 | befeleme pyp2spec up to 0.14.0 Summary input validation (GHSA-r35x-v8p8-xvhw)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability has been found in befeleme pyp2spec up to 0.14.0 and classified as problematic. This vulnerability affects unknown code. This manipulation of the argument Summary causes improper input validation. This vulnerability is registered as CVE-2026-42301. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-8208 | gibbonedu gibbon up to 30.0.0 filename control

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability, which was classified as problematic, was found in gibbonedu gibbon up to 30.0.0. This affects an unknown part. The manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is cataloged as CVE-2026-8208. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-42453 | Termix-SSH Termix up to 2.0.x File Endpoint command injection (GHSA-rvg4-7vvq-9c2w)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability, which was classified as critical, has been found in Termix-SSH Termix up to 2.0.x. Affected by this issue is some unknown functionality of the component File Endpoint. The manipulation leads to command injection. This vulnerability is listed as CVE-2026-42453. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-42455 | Linkwarden up to 2.14.0 Archive Upload Endpoint [linkId]?format=4 cross site scripting (GHSA-fjvg-mch3-j3vg)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability described as problematic has been identified in Linkwarden up to 2.14.0. This impacts an unknown function of the file /api/v1/archives/[linkId]?format=4 of the component Archive Upload Endpoint. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-42455. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

Kill

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

五角大楼开始公开 UFO 新文件

Solidot
1 month 2 weeks ago
可能是为了转移公众注意力,美国国防部开始公开一批 UFO/UAP 的新文件。首批公开了 162 份文件,未来还会公布更多。五角大楼在一份声明中宣称是为了展现特朗普总统对公众的最大限度透明度。然而爱泼斯坦文件至今还没有完整公开。新 UFO 文件发布在新网站 www.war.gov/UFO 上,包括了美国国务院的旧电报、FBI 文件以及 NASA 载人航天飞行的记录,比如 1972 年阿波罗 17 号任务期间拍摄的一张照片显示了三角形排列的点,五角大楼在说明文字中称对此现象尚未达成共识,但初步分析认为是一个物理物体。

国内OS公司在Linux主线的突围之路取决于英语化程度

宋宝华
1 month 2 weeks ago
或者换成了他的新皮,很可能几个人大几个月的工作都是白费的。现在mainline的风气,很大程度上还是取决于音量大,因为一些国际大厂的音量实在太大了。有没有代码,哪怕一行代码都没有,也可以先圈地,插个旗把地盘先占着,可以说是非常激烈的,加上现在AI这波搞地大家都异常地焦虑。我觉得唐葛亮唐大侠这次做地非常好,我们要发出我们的声音,唐大侠为了今年的lsf/mm/bpf练习英语都练习了好久,出发前找了几个陪练,我也和他对线练习。不然,我们还是做做我们自己的国产化生意好了,那个生意其实挺好的。
21cnbao

NVIDIA Data Breach Reportedly Exposes Personal Information of GeForce Users

Cyber Security News
1 month 2 weeks ago

A data breach at GFN.AM, an authorized NVIDIA GeForce NOW cloud gaming service provider operating under “GFN CLOUD INTERNET SERVICES” LLC, has exposed personal information belonging to registered users. The company disclosed the incident on May 5, 2026, revealing that unauthorized access to its database occurred as far back as March 9, 2026, nearly two […]

The post NVIDIA Data Breach Reportedly Exposes Personal Information of GeForce Users appeared first on Cyber Security News.

Dhivya

RansomHouse 黑客宣称入侵 Trellix 源代码

HackerNews
1 month 2 weeks ago
上周曝光的 Trellix 源代码库遭攻击事件,已被威胁组织勒索屋(RansomHouse)认领,该组织泄露了一组少量图片作为入侵证据。   昨日,该威胁行为者在其数据泄露网站上发布了截图,显示能够访问这家网络安全公司的设备管理系统。然而,BleepingComputer 无法证实这些数据的真实性。   Trellix 是一家国际网络安全公司,客户包括全球财富 100 强企业。...
hackernews

Managed ad