Aggregator
粽情端午 乐享假期 | 火绒守御平安
3 weeks 5 days ago
粽情端午 乐享假期 | 火绒守御平安
漏洞管理的分水岭 | 全球第一个国家级漏洞优先级强制指令BOD26-04
3 weeks 5 days ago
美国CISA发布全球首个国家级漏洞优先级强制指令BOD26-04,打破传统全量打补丁模式,基于风险分级设五档修复时限,推动漏洞管理向风险驱动转变。
深入地下市场:人工智能将网络犯罪门槛降到极底
3 weeks 5 days ago
2026年,犯罪导向生成式人工智能的地下市场已经超越了早期围绕"恶意聊天机器人"的炒作。
Payload
3 weeks 5 days ago
You must login to view this content
cohenido
点击一次,Microsoft 365 Copilot 邮件、文件和 MFA 代码就被盗
3 weeks 5 days ago
速修复
思科修复已遭利用的 SD-WAN vManage 漏洞
3 weeks 5 days ago
速修复
Как обмануть ChatGPT короткой фразой c Reddit? Учёные доказали, что умный поиск пасует перед чужими комментариями
3 weeks 5 days ago
Алгоритмы верят тексту обычных пользователей больше, чем проверенным и надёжным источникам.
朱雀二号火箭解体产生上百碎片
3 weeks 5 days ago
蓝箭航天于 6 月 9 日在东风发射场发射了朱雀二号改进型遥六运载火箭(ZQ-2E Y6),将搭载的千帆 DTC 01 星和中国移动 02 星送入预定轨道。但火箭上面级随后在太空发生解体事件,碎片散落在近地轨道,其中部分与国际空间站和 SpaceX Starlink 宽带网络的轨道重叠。LeoLabs 的高级技术研究员 Darren McKnight 表示此次事件可能产生了 100-150 块碎片。其中一块碎片是火箭的第二级,长约 8 米直径约 3.35 米。火箭上面级的主体在距离地球 335-424 公里的轨道上运行,轨道倾角 54.5 度。好消息是轨道高度足够低,空气阻力将使大部分火箭碎片在几个月内重返大气层烧毁。如果轨道高度超过 650 公里,那么碎片将需要数十年甚至更长时间才能重返大气层。
China-linked actor spent two years inside medical research networks
3 weeks 5 days ago
China’s UNC6508 hid in North American medical research networks for 2 years, stealing credentials and forwarding emails to Gmail Google’s Threat Intelligence Group published a report this week on UNC6508, a China-linked cyberespionage group that breached North American medical and military research organizations and stayed hidden for more than two years. The earliest confirmed intrusion […]
Pierluigi Paganini
【已复现】Splunk Enterprise 未授权文件操作漏洞(CVE-2026-20253)安全风险通告
3 weeks 5 days ago
致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。
Схема «украл, сбросил, продал» сломалась. Теперь воришкам достаются только бесполезные кирпичи от Apple
3 weeks 5 days ago
Технологические гиганты оставили уличных воров с бесполезными железками.
Firefox 152 释出
3 weeks 5 days ago
Mozilla 释出了 Firefox 152。主要变化包括:默认编译了 JPEG-XL 支持代码,但默认仍然没有启用,用户需要去 Firefox Labs 调整设置启用,JPEG-XL 是新的免专利图像格式,相关编解码器使用了 Rust 语言开发;重新设计了设置界面、在 Windows 不同硬件配置下支持 HDR 视频、支持 CSS 的 field-sizing 属性,以及一系列面向开发者的新功能,等等。
CVE-2025-10262 | Nokia SR Linux up to 23.10.7/24.10.5/25.7.1 Local Privilege Escalation (EUVD-2025-210164)
3 weeks 5 days ago
A vulnerability was found in Nokia SR Linux up to 23.10.7/24.10.5/25.7.1. It has been declared as problematic. This affects an unknown function. Such manipulation leads to Local Privilege Escalation.
This vulnerability is listed as CVE-2025-10262. The attack must be carried out locally. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-50255 | Sony Optical Disc Archive Software for Windows up to 5.5.3 on Windows default permission (EUVD-2026-37035)
3 weeks 5 days ago
A vulnerability was found in Sony Optical Disc Archive Software for Windows up to 5.5.3 on Windows. It has been classified as critical. The impacted element is an unknown function. This manipulation causes incorrect default permissions.
This vulnerability is tracked as CVE-2026-50255. The attack is restricted to local execution. No exploit exists.
vuldb.com
CVE-2026-5149 | rometheme RTMKit Plugin up to 2.0.7 on WordPress AJAX Endpoint entries_id authorization (EUVD-2026-37038)
3 weeks 5 days ago
A vulnerability was found in rometheme RTMKit Plugin up to 2.0.7 on WordPress and classified as problematic. The affected element is an unknown function of the component AJAX Endpoint. The manipulation of the argument entries_id results in incorrect authorization.
This vulnerability is identified as CVE-2026-5149. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-10780 | mohammadtanzilurrahman Static Block Plugin up to 2.2 on WordPress Shortcode static_block_content ID authorization (EUVD-2026-37034)
3 weeks 5 days ago
A vulnerability has been found in mohammadtanzilurrahman Static Block Plugin up to 2.2 on WordPress and classified as problematic. Impacted is the function static_block_content of the component Shortcode Handler. The manipulation of the argument ID leads to authorization bypass.
This vulnerability is referenced as CVE-2026-10780. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-9187 | zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress action__remove_abandoned authorization (EUVD-2026-37032)
3 weeks 5 days ago
A vulnerability, which was classified as critical, was found in zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress. This issue affects the function action__remove_abandoned. Executing a manipulation can lead to missing authorization.
The identification of this vulnerability is CVE-2026-9187. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-10635 | zephyrproject zephyr up to 4.4.x Xtensa memory-domain de-initialization Feature ptables.c k_mem_domain_deinit use after free (GHSA-39v7-cx8j-gq82 / EUVD-2026-37036)
3 weeks 5 days ago
A vulnerability, which was classified as critical, has been found in zephyrproject zephyr up to 4.4.x. This vulnerability affects the function k_mem_domain_deinit of the file arch/xtensa/core/ptables.c of the component Xtensa memory-domain de-initialization Feature. Performing a manipulation results in use after free.
This vulnerability was named CVE-2026-10635. The attack needs to be approached locally. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-6933 | Premmerce Dev Tools Plugin up to 2.0 on WordPress generatePluginHandler premmerce_plugin_namespace unrestricted upload (EUVD-2026-37033)
3 weeks 5 days ago
A vulnerability classified as critical was found in Premmerce Dev Tools Plugin up to 2.0 on WordPress. This affects the function generatePluginHandler. Such manipulation of the argument premmerce_plugin_namespace leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2026-6933. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com