Aggregator

超过千万人口陷入黑暗。

A vulnerability has been found in Google Chrome on macOS and classified as problematic. This affects an unknown part of the component ANGLE. This manipulation causes out-of-bounds read. This vulnerability appears as CVE-2025-14174. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.

小升初落停，那个暑假，她认识了一名即将升高中的学霸小姐姐。

A vulnerability classified as problematic was found in postalserver postal up to 3.3.4. Affected by this issue is some unknown functionality of the component Admin Interface. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-25529. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in OpenCTI up to 6.8.15. It has been declared as critical. The impacted element is an unknown function. Such manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2026-21887. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Hyperterse up to 2.1.x. It has been rated as critical. This affects an unknown function. Performing a manipulation results in unparsed raw web content delivery. This vulnerability is identified as CVE-2026-31841. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Inoutscripts Inout EasyRooms Ultimate Edition 1.0. Affected by this vulnerability is an unknown functionality of the file search/searchdetailed of the component POST Request Handler. This manipulation of the argument property1 causes sql injection. This vulnerability appears as CVE-2019-25528. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in GL-iNet GL-AR300M16 4.3.11. Impacted is the function set_upgrade. Executing a manipulation of the argument modem_url/target_version/current_version/firmware_upload/hash_type/hash_value/upgrade_type can lead to command injection. This vulnerability is registered as CVE-2026-26792. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical was found in GL-iNet GL-AR300M16 4.3.11. The impacted element is the function enable_echo_server. The manipulation results in command injection. This vulnerability is reported as CVE-2026-26791. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in GL-iNet GL-AR300M16 4.3.11. This impacts the function add_group of the component HTTP Handler. Such manipulation leads to sql injection. This vulnerability is traded as CVE-2026-26794. The attack may be launched remotely. There is no exploit available.

Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two malicious npm packages — sbx-mask and touch-adv — designed to exfiltrate secrets from victims' computers.

The post Sonatype Discovers Two Malicious npm Packages appeared first on Security Boulevard.

四川警察学院联合成都欧深特信息科技有限公司在成都校区（成都市双流区黄水镇云岭路36号）举办开源情报分析师实战能力培训班，第2期培训班定于2026年4月26日至5月1日举行。

2026 年2月28日，爆发的美国、以色列与伊朗之间的军事冲突（如“咆哮狮子行动”或“史诗之怒行动”）中，各方部署了涵盖从低成本自杀式无人机到高超音速导弹的先进武器系统。

New Filing Frames Anthropic Dispute as Operational Control Issue - Not Free Speech
The Justice Department is arguing in a new court filing that Anthropic’s ability to update guardrails and behavior post-deployment creates unacceptable supply-chain risks, warning that vendor access to AI systems could enable manipulation or failure in mission-critical defense operations.