Aggregator
火绒小问答——「企业版」升级提示需要SHA-2签名补丁
1 week 5 days ago
火绒小问答——「企业版」升级提示需要SHA-2签名补丁
火山引擎ArkClaw开启安全专测!顶尖赏金与限量周边奉上!
1 week 5 days ago
ArkClaw 正式开启安全专测活动!
«Алло, это Индия? Скачайте Max». Как Минцифры предлагает экспортерам заменить WhatsApp
1 week 5 days ago
Российские компании могут потерять зарубежных партнеров из-за блокировок.
网络安全信息与动态周报2026年第11期(3月9日-3月15日)
1 week 5 days ago
本周,互联网网络安全态势整体评价为良。
【资料】美以伊战争动态
1 week 5 days ago
概述2026年3月17日的《伊朗更新晚间特别报告》提供了关于伊朗战争的最新分析。
Robotic surgery firm Intuitive reports data breach after targeted phishing attack
1 week 5 days ago
Intuitive suffered a phishing attack leading to a data breach exposing customer, employee, and corporate information. Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci Surgical System for general surgery and the Ion endoluminal system for precise procedures inside the […]
Pierluigi Paganini
Пишите код на macOS и думаете, что защищены? Инфостилер MacSync смеётся над вами в голос
1 week 5 days ago
Злоумышленники бьют в слепую зону защиты — в доверчивого пользователя.
【养虾人必读】告别黑盒!让你的 OpenClaw 像水晶一样透明
1 week 5 days ago
如何让你的 Agent 更准确:MCP 工具设计技巧
1 week 5 days ago
Tracking the Iran War: A Month of Escalation and Regional Impact
1 week 5 days ago
Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs – hacking, Iran)
Pierluigi Paganini
Секунды на спасение сети: Positive Technologies радикально ускорили поиск киберугроз
1 week 5 days ago
Что еще изменилось в новой версии PT Fusion.
CVE-2026-33017 | langflow-ai Langflow up to 1.8.1 Public Flow Build Endpoint eval injection
1 week 5 days ago
A vulnerability, which was classified as critical, was found in langflow-ai Langflow up to 1.8.1. This impacts an unknown function of the component Public Flow Build Endpoint. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code.
The identification of this vulnerability is CVE-2026-33017. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-32878 | parse-server Deep Copy prototype pollution
1 week 5 days ago
A vulnerability, which was classified as problematic, has been found in parse-server. This affects an unknown function of the component Deep Copy. Performing a manipulation results in improperly controlled modification of object prototype attributes.
This vulnerability was named CVE-2026-32878. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-23555 | Xen Xenstored denial of service (Nessus ID 302813 / WID-SEC-2026-0760)
1 week 5 days ago
A vulnerability classified as critical was found in Xen. The impacted element is an unknown function of the component Xenstored. Such manipulation leads to denial of service.
This vulnerability is uniquely identified as CVE-2026-23555. The attack can only be initiated within the local network. No exploit exists.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2026-23554 | Xen EPT use after free (Nessus ID 302811 / WID-SEC-2026-0760)
1 week 5 days ago
A vulnerability classified as critical has been found in Xen. The affected element is an unknown function of the component EPT. This manipulation causes use after free.
This vulnerability is handled as CVE-2026-23554. The attack can only be done within the local network. There is not any exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2026-22322 | Phoenix Contact FL SWITCH 2005 up to 3.52 Link Aggregation Configuration Interface cross site scripting (VDE-2025-104 / EUVD-2026-12791)
1 week 5 days ago
A vulnerability described as problematic has been identified in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. Impacted is an unknown function of the component Link Aggregation Configuration Interface. The manipulation results in cross site scripting.
This vulnerability is known as CVE-2026-22322. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-22316 | Phoenix Contact FL SWITCH 2005 up to 3.52 WebUI stack-based overflow (VDE-2025-104 / EUVD-2026-12785)
1 week 5 days ago
A vulnerability marked as critical has been reported in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. This issue affects some unknown processing of the component WebUI. The manipulation leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2026-22316. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-31703 | Dahua NVR2-4KS3/XVR4232AN-I/T/XVR1B16H-I authentication bypass (EUVD-2025-208815)
1 week 5 days ago
A vulnerability labeled as problematic has been found in Dahua NVR2-4KS3, XVR4232AN-I, T and XVR1B16H-I. This vulnerability affects unknown code. Executing a manipulation can lead to authentication bypass by primary weakness.
This vulnerability appears as CVE-2025-31703. The physical device can be targeted for the attack. There is no available exploit.
vuldb.com
CVE-2026-22323 | Phoenix Contact FL SWITCH 2005 up to 3.52 Link Aggregation Configuration Interface cross-site request forgery (VDE-2025-104 / EUVD-2026-12794)
1 week 5 days ago
A vulnerability identified as problematic has been detected in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. This affects an unknown part of the component Link Aggregation Configuration Interface. Performing a manipulation results in cross-site request forgery.
This vulnerability is reported as CVE-2026-22323. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com