Aggregator

Zohoが提供するWordPress用プラグインZoho Mail for WordPressには、クロスサイトリクエストフォージェリの脆弱性が存在します。

A vulnerability identified as critical has been detected in Google Android 14/15/16/16-qpr2. Affected is an unknown function of the file ubsan_throwing_runtime.cpp. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-0039. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. Affected by this issue is some unknown functionality of the file ubsan_throwing_runtime.cpp. This manipulation causes integer overflow. The identification of this vulnerability is CVE-2026-0040. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Google Android 15/16/16-qpr2. It has been rated as critical. This vulnerability affects unknown code of the file AccessibilityManagerService.java. This manipulation causes denial of service. This vulnerability appears as CVE-2026-0018. The attack requires local access. There is no available exploit.

A vulnerability categorized as critical has been discovered in Google Android 14/15/16/16-qpr2. This issue affects the function startAnimation of the file StageCoordinator.java. Such manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2026-0036. An attack has to be approached locally. There is no exploit available.

A vulnerability labeled as critical has been found in Google Android 16/16-qpr2. This vulnerability affects the function updateProvidersWhenServiceRemoved of the file CredentialManagerService.java. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0016. Local access is required to approach this attack. No exploit exists.

六款微软 365 安卓客户端存在同源漏洞，数十亿次下载对应的用户设备均存在被入侵隐患。   漏洞由 AI 自动化漏洞挖掘厂商 Enclave 率先发现，相关研究原定周二对外公开，内容已独家交由《SecurityWeek》首发。问题根源是Word、PowerPoint、Excel、微软 365 Copilot、Microsoft Loop、OneNote 这六款安卓应用正式版代码里遗留了调...

一场名为 WeedHack 的大规模恶意软件攻击专门瞄准 Mincraft 玩家，自今年 1 月起已造成超 116000 台设备中毒。   该恶意软件依托 Mincraft 相关的恶意模组、游戏客户端、外挂作弊程序与辅助工具扩散，攻击者借助油管引流、搜索引擎投毒（SEO 污染）推广上述有害程序。 WeedHack 属于恶意软件即服务（MaaS）类信息窃取程序，搭建了后台控制面板，使用者可...

The Brute-Force Wave and Vault Compromise The password manager Dashlane recently dispatched urgent security notifications to numerous subscribers. The electronic correspondence stated that the platform temporarily deactivated their accounts to bolster defensive metrics. Specifically,...

The post The Dashlane Lockout: Security Countermeasures and User Disruption appeared first on Information Security News.

俄罗斯黑客组织 “鱼叉”（Gamaredon）持续利用 WinRAR 漏洞，投放多种旨在窃取数据和传播的恶意软件。   据安全公司 Sekoia 称，此次攻击利用了 WinRAR 中的路径遍历漏洞 CVE - 2025 - 8088，将其武器化以启动名为 GammaPhish 的 HTML 应用程序有效载荷，然后该程序会检索一个名为 GammaLoad 的中间 V...

A vulnerability categorized as critical has been discovered in Seagate openSeaChest up to 25.05.3/26.03.0. This affects an unknown part of the component SCSI Handler. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-10717. Attacking locally is a requirement. No exploit is available.

A vulnerability identified as critical has been detected in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the argument code causes code injection. This vulnerability is tracked as CVE-2026-10688. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as problematic has been discovered in QloApps up to 1.7.0. Affected is the function Tools::encrypt of the file classes/Tools.php. Executing a manipulation can lead to password hash with insufficient computational effort. This vulnerability is handled as CVE-2026-25861. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Seagate openSeaChest up to 26.03.0 and classified as critical. This affects an unknown function. This manipulation causes out-of-bounds write. This vulnerability is registered as CVE-2026-10718. The attack needs to be launched locally. No exploit is available.

A vulnerability marked as critical has been reported in Seagate SeaChest up to 25.05.3. Impacted is the function showSupportedFormats of the component NVMe Handler. Performing a manipulation results in out-of-bounds write. This vulnerability was named CVE-2026-10719. The attack needs to be approached locally. There is no available exploit.

美国白宫网站当地时间6月2日报道，美国总统特朗普当天签署了一项关于先进人工智能监管的行政命令《推动先进人工智能创新与安全》。

Rapid7 警告称，惠普多款 Poly Voice VoIP 电话型号存在严重漏洞，可被利用获取 root 权限并远程执行代码（RCE），使攻击者能在企业网络中立足。   该漏洞编号为 CVE - 2026 - 0826（通用漏洞评分系统 CVSS 评分为 9.2），是会话描述协议（SDP）属性解析过程中基于栈的缓冲区溢出问题，影响启用了交互式连接建立（ICE）功能的设备。 &nbsp...

‍硬件安全 ×AI 创作跨界联动，全网上线征稿！

A vulnerability labeled as critical has been found in Siemens SIMATIC HMI Comfort Outdoor Panels, SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels and SIMATIC Wincc Runtime Advanced up to 16 Update 3. Impacted is an unknown function of the component Device Layout Handler. Executing a manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2021-27386. The attack is only possible within the local network. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability marked as critical has been reported in Siemens SIMATIC Drive Controller, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2, SIMATIC S7-1200 CPU, SIMATIC S7-1500 CPU, SIMATIC S7-1500 Software Controller and SIMATIC S7-PLCSIM Advanced. The affected element is an unknown function of the component Service Port 102. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2020-15782. The attack can be initiated remotely. There is not any exploit available. It is suggested to use restrictive firewalling.