Submit #831451: gradio-app gradio 6.14.0 Cache Poisoning [Accepted]
Submit #831451 / VDB-368140
Aggregator
梅涅劳斯定理(Menelaus)
1 week 5 days ago
几十年后才注意到它
CVE-2026-10777 | ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08 Administrative Backend admin/config.php improper authentication (EUVD-2026-34186)
1 week 5 days ago
A vulnerability categorized as critical has been discovered in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication.
This vulnerability is listed as CVE-2026-10777. The attack may be performed from remote. In addition, an exploit is available.
This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
青春与长寿之间的基因权衡
1 week 5 days ago
科学家发现基因 vgll3 与生命早期生长发育和生殖成功以及生命晚期衰老加速和癌症风险增加直接相关。最新研究为 antagonistic pleiotropy 假说提供了实验证据。该假说认为某些基因会在生命早期带来优势,但在生命晚期则会带来不利影响。研究人员针对了一种寿命非常短的非洲丽鱼(African turquoise killifish),使用 CRISPR 基因编辑技术修改了该基因。结果显示,修改了 vgll3 基因的鱼生长速度更快,性成熟更早,在自然环境中具有繁殖优势。但代价是寿命缩短,且罹患与年龄相关癌症的几率更高。研究人员指出,大自然并不优先考虑寿命,而是优先考虑延续性。人类也存在 vgll3 基因,这项研究也有助于更好的理解人类发育、衰老和年龄相关疾病。
Невидимый, вездесущий, всюду за вами: так Qualcomm описала ИИ-агента, который придёт на смену смартфону
1 week 5 days ago
Qualcomm объяснила, почему смартфон уйдет на второй план.
SecWiki News 2026-06-03 Review
1 week 5 days ago
今日暂未更新资讯~
更多最新文章,请访问SecWiki
更多最新文章,请访问SecWiki
Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises
1 week 5 days ago
A stealthy new threat is quietly making its way through US businesses, and most traditional security tools are completely missing it. Researchers have uncovered a previously unknown piece of malware that disguises itself as an everyday business document — a purchase order, a quote, or a request for proposal. Once an unsuspecting employee opens the […]
The post Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises appeared first on Cyber Security News.
Balaji N
Submit #831445: ealpha072 Student-Management-System 1.0 Unauthenticated Access [Accepted]
1 week 5 days ago
Submit #831445 / VDB-368139
AAAAAlln1
CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems
1 week 5 days ago
A serious wave of cyberattacks is now targeting a piece of infrastructure that most people never think about. Automatic Tank Gauge systems, commonly known as ATG systems, are used across the United States to remotely monitor fuel levels, liquid volumes, temperatures, and potential leaks in storage tanks. These systems sit quietly in the background, keeping […]
The post CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2026-10775 | sgl-project SGLang up to 0.5.11 Cache data_hash denial of service (Issue 25462 / EUVD-2026-34185)
1 week 5 days ago
A vulnerability was found in sgl-project SGLang up to 0.5.11. It has been rated as problematic. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service.
This vulnerability is tracked as CVE-2026-10775. The attack is restricted to local execution. Moreover, an exploit is present.
The pull request to fix this issue awaits acceptance.
vuldb.com
CVE-2026-10771 | crmeb crmeb_java 1.4 base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity url server-side request forgery (Issue 35)
1 week 5 days ago
A vulnerability was found in crmeb crmeb_java 1.4. It has been declared as critical. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request forgery.
This vulnerability is identified as CVE-2026-10771. The attack can be executed remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
Submit #831438: sgl-project/ sglang 0.5.11 Cache Poisoning [Accepted]
1 week 5 days ago
Submit #831438 / VDB-368138
Dem0
CVE-2026-10766 | mlrun up to 1.12.0-rc3 DataFrame Hash mlrun/utils/helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash (Issue 9691)
1 week 5 days ago
A vulnerability was found in mlrun up to 1.12.0-rc3. It has been classified as problematic. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash.
This vulnerability is referenced as CVE-2026-10766. The attack can only be performed from a local environment. Furthermore, an exploit is available.
The pull request to fix this issue awaits acceptance.
vuldb.com
Submit #831421: https://github.com/crmeb/crmeb_java crmeb_java v1.4 Server -Side Request Forgery [Accepted]
1 week 5 days ago
Submit #831421 / VDB-368137
mukyuuhate
Submit #831419: mlrun v1.12.0-rc3 Hash Collision [Accepted]
1 week 5 days ago
Submit #831419 / VDB-368136
Dem0
[Control Systems] Phoenix Contact Security Advisory (AV26-546)
1 week 5 days ago
Canadian Centre for Cyber Security
CISA warns of active attacks exploiting Android, Linux bugs
1 week 5 days ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]
Bill Toulas
Хотели свободу? Получите. Почему работа из дома оставила выпускников без работы
1 week 5 days ago
Работодатели нашли новый повод не нанимать людей без опыта.
The Gentleman
1 week 5 days ago
You must login to view this content
cohenido
The Gentleman
1 week 5 days ago
You must login to view this content
cohenido