Aggregator

A vulnerability categorized as problematic has been discovered in RSAVAGE Crypt::PasswdMD5 up to 1.42 on Perl. Affected is the function Crypt::PasswdMD5. The manipulation results in cryptographically weak prng. This vulnerability was named CVE-2026-6659. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Linux Kernel up to 6.19.5. It has been rated as critical. This affects the function nested_svm_load_cr3. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2026-43315. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in MapServer up to 8.6.1. This impacts an unknown function of the component WMS Handler. The manipulation of the argument SRS results in basic cross site scripting. This vulnerability is identified as CVE-2026-42030. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

根据 Linux 基金会公布的 2025 年年度报告，去年它在 Linux 内核项目上的开支为 841 万美元，占到了总预算的 2.95%，其中 Linux 内核作者 Linus Torvalds 薪水大约为 150 万美元（其中包括百万美元的“其它”收入，该收入未明确定义）。Linux 基金会其实是一个行业协会，并非公益性非营利组织，它的资金来自于科技巨头的赞助，从董事会成员的构成就可以看出，它的董事来自索尼、华为、OpenAI、高通、三星、微软、甲骨文、Google 和 Meta 等。Linux 基金会托管了大约 1500 个开源项目，Linux 内核也不是最大的项目，它在区块链上支出占到了总预算的 4%。

Autoruns, ProcDump, ZoomIt, Process Explorer и другие утилиты получили новые функции для диагностики, записи и анализа процессов.

RansomHouse勒索组织在其暗网公布了一个新的勒索攻击受害者，显示Trellix(McAee & FireEye)，并提供了一些服务器的截图信息。 今年勒索病毒黑客组织攻击活动是真的多，时不时就有国内企业被勒索攻击，请大家注意防范。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

A vulnerability was found in Devs Palace ERP Online up to 4.0.0. It has been classified as problematic. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-8221. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

本次攻击通过仿冒 Chrome 扩展与远程钓鱼页面构建双层攻击链，实现钱包凭据窃取，并结合反分析、地域分流等手段展现出成熟的钓鱼攻击工程化能力。

MistEye Security Gate 专注依赖于安装前的安全检查，通过硬阻断逻辑和全量覆盖率门限，为 AI 代理的依赖安全提供可靠的前置防线。

A vulnerability was found in Linux Kernel up to 6.12.77/6.18.18/6.19.8. It has been declared as critical. Affected by this issue is the function nfsd_nl_listener_set_doit. Executing a manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2026-43394. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.8. It has been rated as critical. Affected by this issue is the function rcu_tasks_wait_gp. Performing a manipulation results in infinite loop. This vulnerability is reported as CVE-2026-43385. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.129/6.12.77/6.18.18/6.19.8. Impacted is the function ufshcd_rtc_work. The manipulation results in denial of service. This vulnerability is reported as CVE-2026-43415. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

适用于多Agent产品迭代时一套”防互相踩踏”协作规约。

A vulnerability, which was classified as problematic, was found in IBM WebSphere Portal up to 8.0.0.1 CF10. This issue affects some unknown processing of the component Render Engine. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2014-0828. The attack can be launched remotely. Moreover, an exploit is present. You should upgrade the affected component.