Aggregator

让每一只“龙虾”都能安全可控

A vulnerability classified as critical has been found in iText 7.1.17. This vulnerability affects the function ByteBuffer.append of the component PDF File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-24197. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Oracle Retail Xstore Point of Service 17.0.6/18.0.5/19.0.4/20.0.3/21.0.2 and classified as critical. The impacted element is an unknown function of the component Xenvironment. Such manipulation leads to time-of-check time-of-use. This vulnerability is documented as CVE-2022-23181. The attack needs to be performed locally. There is not any exploit available.

A vulnerability has been found in Oracle Financial Services Crime and Compliance Management Studio 8.0.8.2.0/8.0.8.3.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Studio. The manipulation leads to time-of-check time-of-use. This vulnerability is uniquely identified as CVE-2022-23181. Local access is required to approach this attack. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Oracle Communications Instant Messaging Server 10.0.1.6.0. Affected is an unknown function of the component Installation. The manipulation leads to time-of-check time-of-use. This vulnerability is uniquely identified as CVE-2022-23181. Local access is required to approach this attack. No exploit exists.

A vulnerability described as critical has been identified in Oracle Financial Services Model Management and Governance 8.0.8.0/8.1.0.0/8.1.1.0. This affects an unknown part of the component Installer/Configuration. Executing a manipulation can lead to time-of-check time-of-use. This vulnerability is registered as CVE-2022-23181. The attack needs to be launched locally. No exploit is available.

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware

Взломщик ByteToBreach опубликовал внутренности шведских госуслуг.

A vulnerability classified as problematic was found in SAP NetWeaver Application Server for ABAP up to 816. This vulnerability affects unknown code. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-24310. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as problematic, has been found in Python CPython up to 3.14.x. This affects an unknown function of the component Tarfile Module. This manipulation causes incorrect comparison. This vulnerability appears as CVE-2025-13462. The attack requires local access. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Cisco Secure Endpoint. This vulnerability affects unknown code of the component ClamAV. The manipulation leads to uncaught exception. This vulnerability is documented as CVE-2026-20031. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in thejoshwolfe yauzl up to 3.2.0. It has been declared as problematic. This affects the function getLastModDate of the component ZIP File Handler. Such manipulation leads to off-by-one. This vulnerability is traded as CVE-2026-31988. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in svgo up to 2.8.0/3.3.2/4.0.0. Affected by this vulnerability is an unknown functionality of the component SVG File Parser. Executing a manipulation can lead to xml entity expansion. This vulnerability is handled as CVE-2026-29074. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

A vulnerability has been found in libexpat up to 2.7.4 and classified as problematic. This affects the function setContext. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-32778. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in libexpat up to 2.7.4. Affected by this issue is some unknown functionality. Executing a manipulation can lead to infinite loop. This vulnerability is registered as CVE-2026-32777. The attack needs to be launched locally. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in libexpat up to 2.7.4. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-32776. The attack must be initiated from a local position. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Mumble up to 1.6.869. Affected is an unknown function. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-71264. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in thermalright TR-VISION HOME up to 2.0.4 on Windows. This impacts an unknown function. This manipulation causes inclusion of functionality from untrusted control sphere. This vulnerability is tracked as CVE-2026-4255. The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in OpenHarmony up to 5.1.0.x. This affects an unknown function of the component Pre-installed Apps. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2025-52458. The attack is only possible with local access. There is not any exploit available.