Aggregator

A vulnerability was found in undici. It has been rated as problematic. The affected element is the function when interceptors.deduplicate. Performing a manipulation results in allocation of resources. This vulnerability was named CVE-2026-2581. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in undici up to 6.23.x/7.23.x. It has been rated as problematic. This impacts an unknown function of the component WebSocket Frame Handler. The manipulation leads to uncaught exception. This vulnerability is uniquely identified as CVE-2026-1528. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Python CPython up to 3.14.x. It has been declared as critical. Affected by this issue is the function http.cookies.Morsel. Such manipulation leads to improper input validation. This vulnerability is listed as CVE-2026-3644. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Python CPython up to 3.14.x. This vulnerability affects the function ElementDeclHandler of the component Expat Parser. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-4224. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Tenda AC8 up to 16.03.50.11. It has been rated as critical. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-4254. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in Craft CMS up to 4.17.5/5.9.11. The impacted element is an unknown function. This manipulation causes incorrect authorization. This vulnerability is registered as CVE-2026-32267. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Chamilo LMS up to 1.11.35. Impacted is an unknown function of the file h5p.json of the component H5P Import Feature. The manipulation results in code injection. This vulnerability is reported as CVE-2026-30875. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Chamilo LMS up to 1.11.33 and classified as critical. This affects an unknown part of the component Legacy Password Reset Handler. Such manipulation of the argument custom_dates leads to sql injection. This vulnerability is referenced as CVE-2026-28430. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Chamilo LMS up to 1.11.35. It has been declared as problematic. This issue affects some unknown processing. Executing a manipulation can lead to observable response discrepancy. This vulnerability is tracked as CVE-2026-30876. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

Европейская юридическая практика столкнулась с поистине уникальным случаем.

Traefik Labs has announced new capabilities that extend Traefik Hub’s Triple Gate architecture (API Gateway, AI Gateway, and MCP Gateway) with deeper runtime governance across the full AI workflow, including a composable multi-vendor safety pipeline with parallel guard execution, multi-provider failover routing, token-level cost controls, graceful error handling for agent-aware enforcement, IBM Granite Guardian integration, and a new Regex Guard capability that enables organizations to create custom guards. These capabilities address a growing gap. Enterprises … More →

The post Traefik Triple Gate gains parallel safety pipelines, failover routing, and AI runtime controls appeared first on Help Net Security.

嗯，用户让我总结这篇文章的内容，控制在一百个字以内。首先，我需要仔细阅读文章，抓住关键点。文章讲的是三星停止销售一款售价2899美元的三折叠屏手机Galaxy Z TriFold。这款手机上市三个月就被停产了，说明它更多是作为技术展示，而不是主力产品。 接下来，三星先在韩国停止销售，之后在美国也会终止。官网已经不再预告补货信息，现在显示“已售罄”。不过有些门店还有存货。这些信息都需要包含进去。 然后，我要确保语言简洁，不超过一百个字。直接描述事件，不需要开头语。可能的结构是：三星停止销售三折叠屏手机Galaxy Z TriFold，售价2899美元，上市三个月后停产，作为技术展示而非主力产品，在韩国和美国逐步停止销售，官网显示售罄但部分门店仍有库存。 最后检查一下字数和内容是否准确传达了原文的意思。 三星停止销售售价2899美元的三折叠屏手机Galaxy Z TriFold，该产品上市三个月后逐步停产。三星首先在韩国市场停止销售，并计划在美国清空库存后终止业务。尽管官网显示“已售罄”，但部分门店仍存有少量存货。

一年一度的 Debian 项目领导人（DPL）竞选启动，今年只有一位候选人 Sruthi Chandran——她是一位来自印度的图书管理员，2025 年的 DPL Andreas Tille 没有再次参选。竞选期持续到 4 月 3 日，投票期从 4 月 4 日持续到 4 月 17 日。Debian 项目的选民们将要在同意 Sruthi Chandran 担任 DPL 或不同意（以上皆非）两个选项中进行投票。DPL 选举采用的是孔多塞投票法。

Currently trending CVE - Hype Score: 8

白泽逐影智能体安全研究团队带你一起揭秘共享龙虾的安全风险！

A vulnerability, which was classified as critical, was found in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-3974. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability has been found in Tenda W3 1.0.0.3(2204) and classified as critical. This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-3975. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda W3 1.0.0.3(2204) and classified as critical. Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-3976. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in projectsend up to r1945. It has been classified as critical. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-3977. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in D-Link DIR-513 1.10. It has been declared as critical. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-3978. The attack can be launched remotely. Moreover, an exploit is present.