Aggregator
【安全圈】开源论坛软件 phpBB 曝身份认证绕过漏洞,官方发布 3.3.17 版本更新修复
3 weeks 5 days ago
【安全圈】高德地图崩了!!!
3 weeks 5 days ago
CVE-2026-45977 | Linux Kernel up to 6.18.13/6.19.3 fbnic fbnic_fw_log_write null pointer dereference
3 weeks 5 days ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.13/6.19.3. Affected by this vulnerability is the function fbnic_fw_log_write of the component fbnic. The manipulation results in null pointer dereference.
This vulnerability is cataloged as CVE-2026-45977. The attack must originate from the local network. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-45972 | Linux Kernel up to 6.19.3 smb smb2_open_file use after free
3 weeks 5 days ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3. Affected by this issue is the function smb2_open_file of the component smb. This manipulation causes use after free.
This vulnerability is registered as CVE-2026-45972. The attack requires access to the local network. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2026-45979 | Linux Kernel up to 6.19.3 amdgpu amdgpu_cs_parser_bos privilege escalation
3 weeks 5 days ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.3. This affects the function amdgpu_cs_parser_bos of the component amdgpu. Such manipulation leads to privilege escalation.
This vulnerability is documented as CVE-2026-45979. The attack requires being on the local network. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-45978 | Linux Kernel up to 6.19.3 staging gb_lights_light_config null pointer dereference
3 weeks 5 days ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.19.3. This vulnerability affects the function gb_lights_light_config of the component staging. Performing a manipulation results in null pointer dereference.
This vulnerability is reported as CVE-2026-45978. The attacker must have access to the local network to execute the attack. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-45981 | Linux Kernel up to 6.19.3 s390 css_alloc_subchannel use after free
3 weeks 5 days ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.19.3. This issue affects the function css_alloc_subchannel of the component s390. Executing a manipulation can lead to use after free.
This vulnerability appears as CVE-2026-45981. The attacker needs to be present on the local network. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-45982 | Linux Kernel up to 6.19.3 ACPICA acpi_ev_address_space_dispatch null pointer dereference
3 weeks 5 days ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3. Impacted is the function acpi_ev_address_space_dispatch of the component ACPICA. The manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2026-45982. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-45975 | Linux Kernel up to 6.19.3 ublk READ_ONCE stack-based overflow
3 weeks 5 days ago
A vulnerability was found in Linux Kernel up to 6.19.3. It has been classified as critical. The affected element is the function READ_ONCE of the component ublk. Performing a manipulation results in stack-based buffer overflow.
This vulnerability was named CVE-2026-45975. The attack needs to be approached within the local network. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-10093 | deepakkite Secure Client Portal and Private File Sharing Plugin cross site scripting (EUVD-2026-37041)
3 weeks 5 days ago
A vulnerability labeled as problematic has been found in deepakkite Secure Client Portal and Private File Sharing Plugin up to 2.1.6 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument fldr_ttl results in cross site scripting.
This vulnerability is reported as CVE-2026-10093. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-9912 | Nokia SR Linux up to 23.10.7/24.10.5/25.7.1 Local Privilege Escalation (EUVD-2025-210165)
3 weeks 5 days ago
A vulnerability identified as problematic has been detected in Nokia SR Linux up to 23.10.7/24.10.5/25.7.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to Local Privilege Escalation.
This vulnerability is documented as CVE-2025-9912. The attack needs to be performed locally. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-46331 | Linux Kernel net tcf_pedit_act infinite loop (EUVD-2026-37039 / WID-SEC-2026-1938)
3 weeks 5 days ago
A vulnerability categorized as critical has been discovered in Linux Kernel. Affected is the function tcf_pedit_act of the component net. Executing a manipulation can lead to infinite loop.
This vulnerability is registered as CVE-2026-46331. The attack requires access to the local network. No exploit is available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2026-8444 | WP Review Slider Pro Plugin up to 12.6.8 on WordPress AJAX Action get_results curselrevs sql injection (EUVD-2026-37040)
3 weeks 5 days ago
A vulnerability was found in WP Review Slider Pro Plugin up to 12.6.8 on WordPress. It has been rated as critical. This impacts the function get_results of the component AJAX Action Handler. Performing a manipulation of the argument curselrevs results in sql injection.
This vulnerability is cataloged as CVE-2026-8444. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
FBI Warns Courier Cash Pickups Are Driving Crypto Scams
3 weeks 5 days ago
The FBI claims couriers are being used to circumvent bank transfers in crypto investment schemes
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
3 weeks 5 days ago
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new malware called NarwhalRAT.
"The attack email contained a message impersonating an MS account security alert," the Genians Security Center (GSC) said. "It was designed to create concern over possible
The Hacker News
Карантин, задержки и проверка на благонадежность. Эстония изолирует госслужбу от писем из зоны .ru.
3 weeks 5 days ago
Эстонские чиновники перестанут получать почту из России напрямую.
curl 暂停一个月接受漏洞报告
3 weeks 5 days ago
curl 项目维护者 Daniel Stenberg 宣布,curl 将于 7 月 1 日至 8 月 3 日期间暂停接收漏洞报告,除非提交者拥有付费支持合同。他称之为“curl 的极乐夏日”。Stenberg 称过去四个月一直承受着巨大的压力,他们需要休息一下。GitHub 上的项目 issue 和 pull-request 保持开放,curl 8.22.0 的发布日期推迟两周至 2026 年 9 月 2 日发布。
从“权重封锁”到“Harness突围”:Mythos/Fable 5事件与国产漏洞挖掘智能体的自主实践
3 weeks 5 days ago
Mythos级模型下架?看国产模型+漏洞挖掘Harness能力突围
Первый опен-эйр по кибербезопасности «Лето в Киберкэмпе»
3 weeks 5 days ago
17 июля, «Берёзы Парк Строгино» — разборы кейсов, киберучения и доклады от топ-экспертов рынка ИБ