Aggregator

A vulnerability has been found in CactusViewer 2.3.0 and classified as problematic. Affected is an unknown function. The manipulation leads to uncontrolled search path. This vulnerability is uniquely identified as CVE-2026-36574. Local access is required to approach this attack. No exploit exists.

A vulnerability, which was classified as problematic, was found in Laravel-Backpack CRUD up to 4.0.62/4.1.68/5.0.12. This impacts the function getMessage. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2022-31114. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in glpi-project glpi up to 10.0.24/11.0.6. This affects an unknown function. Performing a manipulation of the argument GLPI_DOC_DIR results in missing authorization. This vulnerability is known as CVE-2026-42320. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in glpi-project glpi up to 10.0.24/11.0.6. The impacted element is an unknown function of the component Software Package Handler. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-42318. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in glpi-project glpi up to 10.0.24/11.0.6. The affected element is an unknown function. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-42317. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Python CPython. Impacted is the function unicodedata.normalize of the component Unicode Handler. The manipulation results in inefficient algorithmic complexity. This vulnerability is reported as CVE-2026-3276. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in gobgp 4.3.0. This issue affects the function BGPUpdate.DecodeFromBytes of the file /bgp/bgp.go of the component BGP Handler. The manipulation leads to integer underflow. This vulnerability is documented as CVE-2026-37462. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in openlabs docker-wkhtmltopdf-aas. This vulnerability affects unknown code of the file app.py of the component POST Request Handler. Executing a manipulation can lead to os command injection. This vulnerability is registered as CVE-2026-36576. The attack requires access to the local network. No exploit is available.

A vulnerability identified as problematic has been detected in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. This vulnerability is cataloged as CVE-2026-10783. The attack must be initiated from a local position. Furthermore, there is an exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3 and classified as critical. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_tasks_lifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2026-10616. The attack may be launched remotely. Furthermore, there is an exploit available. The project tagged the reported issue as bug.

A vulnerability was found in wireapp wire-ios up to 4.15.x. It has been rated as problematic. Affected is an unknown function. The manipulation leads to infinite loop. This vulnerability is documented as CVE-2026-35049. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

Submit #831451 / VDB-368140

几十年后才注意到它

A vulnerability categorized as critical has been discovered in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. This vulnerability is listed as CVE-2026-10777. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

科学家发现基因 vgll3 与生命早期生长发育和生殖成功以及生命晚期衰老加速和癌症风险增加直接相关。最新研究为 antagonistic pleiotropy 假说提供了实验证据。该假说认为某些基因会在生命早期带来优势，但在生命晚期则会带来不利影响。研究人员针对了一种寿命非常短的非洲丽鱼（African turquoise killifish），使用 CRISPR 基因编辑技术修改了该基因。结果显示，修改了 vgll3 基因的鱼生长速度更快，性成熟更早，在自然环境中具有繁殖优势。但代价是寿命缩短，且罹患与年龄相关癌症的几率更高。研究人员指出，大自然并不优先考虑寿命，而是优先考虑延续性。人类也存在 vgll3 基因，这项研究也有助于更好的理解人类发育、衰老和年龄相关疾病。

Qualcomm объяснила, почему смартфон уйдет на второй план.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A stealthy new threat is quietly making its way through US businesses, and most traditional security tools are completely missing it. Researchers have uncovered a previously unknown piece of malware that disguises itself as an everyday business document — a purchase order, a quote, or a request for proposal. Once an unsuspecting employee opens the […]

The post Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises appeared first on Cyber Security News.

Submit #831445 / VDB-368139

A serious wave of cyberattacks is now targeting a piece of infrastructure that most people never think about. Automatic Tank Gauge systems, commonly known as ATG systems, are used across the United States to remotely monitor fuel levels, liquid volumes, temperatures, and potential leaks in storage tanks. These systems sit quietly in the background, keeping […]

The post CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems appeared first on Cyber Security News.