Aggregator

A vulnerability marked as critical has been reported in Siemens RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536 and RUGGEDCOM ROX RX5000 up to 2.17.0. This affects the function Scheduler. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2025-40949. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Siemens RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536 and RUGGEDCOM ROX RX5000 up to 2.17.0. The impacted element is an unknown function of the component RPC Interface. Executing a manipulation can lead to argument injection. The identification of this vulnerability is CVE-2025-40948. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Google Cloud AlloyDB for PostgreSQL. The affected element is an unknown function of the component REST API. Performing a manipulation results in use of default credentials. This vulnerability was named CVE-2026-7428. The attack may be initiated remotely. There is no available exploit. This product is a managed service, therefore users are not responsible for maintaining vulnerability countermeasures. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Siemens SIMATIC CN 4100 up to 4.x. Impacted is an unknown function. Such manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2026-22925. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

除了首页时间流和侧栏的精选展位，少数派 Matrix 社区还有很多优秀内容因条件所限无法得到有效曝光，因此我们决定重启 Matrix 周报，并在此基础上添加更多社区内容、作者投稿「新玩意」呈现给大家。

对比奇安信、天融信、绿盟科技、启明星辰、安恒信息 2019—2025 年经营数据，行业现金流已明显修复，但收入、毛利率和费用率仍显示出深层压力。

火绒安全先后斩获"基于深度学习的恶意样本自动分析方法及系统" 与"一种基于PE虚拟沙盒实现.NET虚拟沙盒的方法"两项国家发明专利

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

WannaCry, the ransomware attack that changed the history of cybersecurity

WannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant events in recent cybersecurity history, not only for its global scale but also […]

HiddenLayer reveals infostealer malware in a Hugging Face repository

Пассворк получил сертификат ФСТЭК России № 5063 по 4-му уровню доверия, наивысшему для коммерческих СЗИ

A vulnerability was found in davidskysa Skysa Text Ticker App Plugin up to 1.4 on WordPress. It has been rated as problematic. This issue affects the function SkysaApps_Admin_AppPage of the component Scrolling Message Handler. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2026-6710. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in shamim_d Bootstrap Shortcode Plugin up to 1.0 on WordPress. It has been declared as problematic. This vulnerability affects the function box of the component Shortcode Handler. The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-7661. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in webpack-dev-server up to 5.2.3. It has been classified as problematic. This affects an unknown part. The manipulation leads to exposed dangerous routine. This vulnerability is traded as CVE-2026-6402. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in riotweb Advanced Social Media Icons Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function social of the component Shortcode Handler. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-7659. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in phkcorp2005 WP-Redirection Plugin up to 1.0.3 on WordPress and classified as problematic. Affected by this vulnerability is the function check_admin_referer of the component Setting Handler. Performing a manipulation of the argument nonce results in cross-site request forgery. This vulnerability is reported as CVE-2026-7562. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.