Aggregator

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.77/6.18.18/6.19.8. The impacted element is the function xe_sync_entry_parse. Performing a manipulation results in allocation of resources. This vulnerability was named CVE-2026-43395. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.8 and classified as critical. This affects an unknown part. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-43431. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in RSAVAGE Crypt::PasswdMD5 up to 1.42 on Perl. Affected is the function Crypt::PasswdMD5. The manipulation results in cryptographically weak prng. This vulnerability was named CVE-2026-6659. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Linux Kernel up to 6.19.5. It has been rated as critical. This affects the function nested_svm_load_cr3. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2026-43315. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in MapServer up to 8.6.1. This impacts an unknown function of the component WMS Handler. The manipulation of the argument SRS results in basic cross site scripting. This vulnerability is identified as CVE-2026-42030. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.19/6.19.8. This affects the function ublk_ctrl_set_size of the component ublk. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2026-43364. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

根据 Linux 基金会公布的 2025 年年度报告，去年它在 Linux 内核项目上的开支为 841 万美元，占到了总预算的 2.95%，其中 Linux 内核作者 Linus Torvalds 薪水大约为 150 万美元（其中包括百万美元的“其它”收入，该收入未明确定义）。Linux 基金会其实是一个行业协会，并非公益性非营利组织，它的资金来自于科技巨头的赞助，从董事会成员的构成就可以看出，它的董事来自索尼、华为、OpenAI、高通、三星、微软、甲骨文、Google 和 Meta 等。Linux 基金会托管了大约 1500 个开源项目，Linux 内核也不是最大的项目，它在区块链上支出占到了总预算的 4%。

Autoruns, ProcDump, ZoomIt, Process Explorer и другие утилиты получили новые функции для диагностики, записи и анализа процессов.

RansomHouse勒索组织在其暗网公布了一个新的勒索攻击受害者，显示Trellix(McAee & FireEye)，并提供了一些服务器的截图信息。 今年勒索病毒黑客组织攻击活动是真的多，时不时就有国内企业被勒索攻击，请大家注意防范。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

A vulnerability was found in Devs Palace ERP Online up to 4.0.0. It has been classified as problematic. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-8221. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

本次攻击通过仿冒 Chrome 扩展与远程钓鱼页面构建双层攻击链，实现钱包凭据窃取，并结合反分析、地域分流等手段展现出成熟的钓鱼攻击工程化能力。

MistEye Security Gate 专注依赖于安装前的安全检查，通过硬阻断逻辑和全量覆盖率门限，为 AI 代理的依赖安全提供可靠的前置防线。

A vulnerability was found in Linux Kernel up to 6.18.18/6.19.8. It has been classified as critical. Impacted is the function vgic_allocate_private_irqs_locked of the component KVM. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-43351. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.12.77/6.18.18/6.19.8. It has been declared as critical. Affected by this issue is the function nfsd_nl_listener_set_doit. Executing a manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2026-43394. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.8. Affected by this vulnerability is an unknown functionality of the component xfs. The manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2026-43365. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.166/6.6.129/6.12.77/6.18.18/6.19.8. This affects an unknown part of the component btrfs. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-43360. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.