Aggregator
Citrix urges admins to patch NetScaler flaws as soon as possible
4 days 16 hours ago
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. [...]
Sergiu Gatlan
CVE-2026-0540 | cure53 DOMPurify up to 2.5.8/3.3.1 cross site scripting (Nessus ID 300629)
4 days 16 hours ago
A vulnerability was found in cure53 DOMPurify up to 2.5.8/3.3.1. It has been declared as problematic. This affects an unknown part. Executing a manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-0540. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-30796 | rustdesk-server-pro RustDesk Server Pro up to 1.7.5 Address Book Sync API cleartext transmission
4 days 16 hours ago
A vulnerability labeled as problematic has been found in rustdesk-server-pro RustDesk Server Pro up to 1.7.5. This vulnerability affects unknown code of the component Address Book Sync API Module. Executing a manipulation can lead to cleartext transmission of sensitive information.
This vulnerability appears as CVE-2026-30796. The attack may be performed remotely. There is no available exploit.
vuldb.com
CVE-2026-30792 | rustdesk-client RustDesk Client up to 1.4.5 API Message src/hbbs_http/sync.Rs Config::set_options violation of secure design principles
4 days 16 hours ago
A vulnerability described as critical has been identified in rustdesk-client RustDesk Client up to 1.4.5. Impacted is the function Config::set_options of the file src/hbbs_http/sync.Rs of the component API Message Handler. The manipulation results in violation of secure design principles.
This vulnerability is known as CVE-2026-30792. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-30794 | rustdesk-client RustDesk Client up to 1.4.5 http_client.Rs certificate validation
4 days 16 hours ago
A vulnerability classified as critical has been found in rustdesk-client RustDesk Client up to 1.4.5. The affected element is an unknown function of the file src/hbbs_http/http_client.Rs. This manipulation causes improper certificate validation.
This vulnerability is handled as CVE-2026-30794. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-30795 | rustdesk-client RustDesk Client up to 1.4.5 src/hbbs_http/sync.Rs cleartext transmission
4 days 16 hours ago
A vulnerability classified as problematic was found in rustdesk-client RustDesk Client up to 1.4.5. The impacted element is an unknown function of the file src/hbbs_http/sync.Rs. Such manipulation leads to cleartext transmission of sensitive information.
This vulnerability is uniquely identified as CVE-2026-30795. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-30793 | rustdesk-client RustDesk Client up to 1.4.5 URI flutter/lib/common.Dart MainSetPermanentPassword improper authorization
4 days 16 hours ago
A vulnerability identified as critical has been detected in rustdesk-client RustDesk Client up to 1.4.5. Impacted is the function MainSetPermanentPassword in the library flutter/lib/common.Dart of the component URI Handler. The manipulation leads to improper authorization.
This vulnerability is documented as CVE-2026-30793. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-22169 | OpenClaw up to 2026.2.21 tools.exec.safeBins sort os command injection (Duplicate CVE-2026-32010 / GHSA-vmqr-rc7x-3446)
4 days 16 hours ago
A vulnerability identified as critical has been detected in OpenClaw up to 2026.2.21. This issue affects the function tools.exec.safeBins. Performing a manipulation of the argument sort results in os command injection.
This vulnerability is known as CVE-2026-22169. Attacking locally is a requirement. No exploit is available.
You should upgrade the affected component.
It looks like a duplicate CVE-2026-32010 has been assigned to this entry.
vuldb.com
CVE-2026-22179 | OpenClaw up to 2026.2.21 on macOS system.run os command injection (GHSA-9p38-94jf-hgjj / WID-SEC-2026-0472)
4 days 16 hours ago
A vulnerability, which was classified as critical, has been found in OpenClaw up to 2026.2.21 on macOS. Affected is the function system.run. Performing a manipulation results in os command injection.
This vulnerability is identified as CVE-2026-22179. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-22170 | OpenClaw up to 2026.2.21 BlueBubbles Plugin authorization (GHSA-jwf4-8wf4-jf2m / WID-SEC-2026-0472)
4 days 16 hours ago
A vulnerability was found in OpenClaw up to 2026.2.21. It has been declared as problematic. The impacted element is an unknown function of the component BlueBubbles Plugin. Executing a manipulation can lead to incorrect authorization.
This vulnerability is registered as CVE-2026-22170. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-22174 | OpenClaw up to 2026.2.21 Authentication Token /json/version missing authentication (GHSA-v3j7-34xh-6g3w / WID-SEC-2026-0472)
4 days 16 hours ago
A vulnerability was found in OpenClaw up to 2026.2.21. It has been rated as critical. This affects an unknown function of the file /json/version of the component Authentication Token Handler. The manipulation leads to missing authentication.
This vulnerability is documented as CVE-2026-22174. The attack needs to be performed locally. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-61646 | Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0 EnhancedChangesList.Php information disclosure (EUVD-2025-206644 / CNNVD-202602-527)
4 days 16 hours ago
A vulnerability described as problematic has been identified in Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0. Impacted is an unknown function of the file includes/RecentChanges/EnhancedChangesList.Php. Executing a manipulation can lead to information disclosure.
This vulnerability is registered as CVE-2025-61646. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
A Large-Scale K8s-Based Scanning Cluster from France
4 days 16 hours ago
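The core subject of the analysis is Bucklog SARL, the company behind autonomous system AS211590. This entity deployed a Kubernetes-orchestrated scanning cluster in Paris, France, which initiated 13 million network sessions within 90 days.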
Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne
4 days 16 hours ago
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
AI versus cosmic impostors. The RAVEN AI filtered 2 million stars and found 31 hidden exoplanets
4 days 16 hours ago
An AI census confirmed that one in ten Sun-like stars has a close companion.
CVE-2026-1536 | GNOME libsoup Header Parser Content-Disposition crlf injection (Nessus ID 297046)
4 days 16 hours ago
A vulnerability categorized as problematic has been discovered in GNOME libsoup. Affected is an unknown function of the component Header Parser. Such manipulation of the argument Content-Disposition leads to crlf injection.
This vulnerability is uniquely identified as CVE-2026-1536. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-1539 | GNOME libsoup HTTP Redirect insertion of sensitive information into sent data (Nessus ID 297047)
4 days 16 hours ago
A vulnerability identified as problematic has been detected in GNOME libsoup. Affected by this vulnerability is an unknown functionality of the component HTTP Redirect Handler. Performing a manipulation results in insertion of sensitive information into sent data.
This vulnerability was named CVE-2026-1539. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-61643 | Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0 RecentChangeRCFeedNotifier.Php information disclosure (EUVD-2025-206622 / CNNVD-202602-182)
4 days 16 hours ago
A vulnerability, which was classified as problematic, was found in Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0. The affected element is an unknown function of the file includes/recentchanges/RecentChangeRCFeedNotifier.Php. The manipulation results in information disclosure.
This vulnerability is known as CVE-2025-61643. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2025-61642 | Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0 CodexHTMLForm.Php cross site scripting (EUVD-2025-206621 / CNNVD-202602-181)
4 days 16 hours ago
A vulnerability was found in Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0. It has been declared as problematic. Impacted is an unknown function of the file includes/htmlform/CodexHTMLForm.Php. Such manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-61642. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com