开源电子病历软件 OpenEMR 发现 38 个漏洞
近日,应用安全公司 Aisle 在开源电子病历平台 OpenEMR 中发现了数十个漏洞,其中包括一些可被利用来窃取敏感患者信息的严重问题。 OpenEMR 在全球范围内被超 10 万名医疗服务提供者使用,存储着超 2 亿患者的数据。Aisle 对其进行了分析,该公司的自动分析工具识别出 39 个问题,其中 38 个已被分配 CVE 标识符。 此次研究是 OpenEMR ...
Aggregator
Сдал экзамен на хакера в 16 лет. К 19 — восемь миллионов требований и арест в аэропорту
1 month 2 weeks ago
Его хакерская карьера началась в 16 лет, а закончилась в аэропорту Хельсинки.
慢雾出品|链接真实世界资产:从协议族解析到安全实践
1 month 2 weeks ago
本文从安全审计视角探讨 RWA ,旨在帮助开发者在写 RWA 协议时针对性开发,并为审计人员提供一套专门针对现实世界资产映射场景的系统方法。
Coming Soon: AI-Scan OpenClaw Ecosystem Security Scanning Capabilities
1 month 2 weeks ago
As the OpenClaw ecosystem continues to surge in popularity, more customers are deploying and utilizing these AI agents on a large scale. However, this growth has brought significant security challenges to the forefront, including over 33 documented CVE vulnerabilities, 288+ GHSA security advisories, the rise in malicious Skills, and frequent memory poisoning attacks. The NSFOCUSLLM […]
The post Coming Soon: AI-Scan OpenClaw Ecosystem Security Scanning Capabilities appeared first on NSFOCUS.
The post Coming Soon: AI-Scan OpenClaw Ecosystem Security Scanning Capabilities appeared first on Security Boulevard.
NSFOCUS
SAP 官方 npm 包受陷,被用于供应链攻击窃取凭据
1 month 2 weeks ago
可能因一个 npm 令牌通过配置错误的 CircleCI 任务被泄露造成。
Copy Fail: 仅732字节,通杀所有主流 Linux 发行版,隐藏9年的 root 提权漏洞
1 month 2 weeks ago
速修复
奇安信Qcode Agents亮相数字中国,以多智能体协同守护AI时代代码安全
1 month 2 weeks ago
奇安信Qcode Agents以多智能体协同架构,精准破解研发安全痛点,本次数字中国峰会重点展示了三大核心智能体的实战能力,实现安全防护与研发效率双重提升。
官方 SAP npm 软件包遭入侵,用于窃取凭证
1 month 2 weeks ago
多个官方 SAP npm 软件包疑似遭 TeamPCP 供应链攻击,被入侵后用于窃取开发者系统中的凭证和身份验证令牌。 安全研究人员报告称,此次入侵影响了四个软件包,目前这些版本在 NPM 上已标记为弃用: @cap-js/sqlite – v2.2.2 @cap-js/postgres – v2.2.2 @cap-js/db-service – ...
hackernews
热门 WordPress 重定向插件暗藏休眠后门多年
1 month 2 weeks ago
“快速页面 / 文章重定向”(Quick Page/Post Redirect)插件安装量超 7 万,5 年前被植入后门,可向用户网站注入任意代码。 该恶意软件由 WordPress 托管服务提供商 Anchor 的创始人奥斯汀・金德(Austin Ginder)发现。他旗下有 12 个受感染站点触发安全警报后,他展开调查并发现了这一情况。 &l...
hackernews
Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017
1 month 2 weeks ago
A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017. Dubbed “Copy Fail” and tracked as CVE-2026-31431, the flaw was discovered by Theori researcher Taeyang Lee and scaled into a full exploit chain by the […]
The post Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017 appeared first on Cyber Security News.
Guru Baran
【已复现】732字节、1秒root、九年无人知——Linux近年最稳定提权漏洞
1 month 2 weeks ago
检测业务是否受到此漏洞影响,请联系长亭应急服务团队!
INC
1 month 2 weeks ago
You must login to view this content
cohenido
Linux提权漏洞!10行代码直接root
1 month 2 weeks ago
立即查看详情 →
【已复现】cPanel&WHM 身份认证绕过漏洞(CVE-2026-41940)安全风险通告
1 month 2 weeks ago
致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。
【已复现】Linux Kernel "Copy Fail" 本地权限提升漏洞(CVE-2026-31431)安全风险通告
1 month 2 weeks ago
致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。
由一个反序列化问题所想到的通用思路
1 month 2 weeks ago
Ghost Bits,Java WAF之殇?
1 month 2 weeks ago
在前两天的BlacksetHat Asia 2026上,@浅蓝和@1ue分享一个非常有趣的议题,Java中的GhostBits漏洞
探究深度非常深,影响范围非常之广,内容非常有意思
LoRexxar
CVE-2026-7354 | Google Chrome up to 147.0.7727.117 Angle out-of-bounds write (ID 498746 / Nessus ID 310943)
1 month 2 weeks ago
A vulnerability marked as critical has been reported in Google Chrome. This vulnerability affects unknown code of the component Angle. The manipulation leads to out-of-bounds write.
This vulnerability is uniquely identified as CVE-2026-7354. The attack is possible to be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-7336 | Google Chrome up to 147.0.7727.117 WebRTC use after free (ID 500767 / EUVD-2026-26162)
1 month 2 weeks ago
A vulnerability described as critical has been identified in Google Chrome. Affected by this issue is some unknown functionality of the component WebRTC. Executing a manipulation can lead to use after free.
The identification of this vulnerability is CVE-2026-7336. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-7358 | Google Chrome up to 147.0.7727.117 Animation use after free (ID 496285 / Nessus ID 310944)
1 month 2 weeks ago
A vulnerability classified as critical has been found in Google Chrome. Impacted is an unknown function of the component Animation. This manipulation causes use after free.
The identification of this vulnerability is CVE-2026-7358. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com