Aggregator

A vulnerability labeled as critical has been found in HMBRAND Text::CSV_XS up to 1.61 on Perl. This impacts the function after_parse/before_print/on_error. Executing a manipulation can lead to expired pointer dereference. This vulnerability is registered as CVE-2026-7111. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Tubitak Bilgem Pardus Software Center 1.0.2. This affects an unknown function. Performing a manipulation results in improper privilege management. This vulnerability is cataloged as CVE-2026-5141. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Tubitak Bilgem Pardus About up to 1.2.0. The impacted element is an unknown function. Such manipulation leads to link following. This vulnerability is listed as CVE-2026-5161. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Cockpit up to 2.13.5. It has been rated as critical. The affected element is an unknown function of the component Endpoint. This manipulation of the argument func causes privilege escalation. This vulnerability is tracked as CVE-2026-38992. The attack is possible to be carried out remotely. No exploit exists.

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real

这是一起针对 SAP CAP（Cloud Application Programming Model）和 Cloud MTA（Multi-Target Application）生态的精准 npm 供应链攻击。攻击者通过劫持/污染 SAP 官方维护的 npm 包，在安装阶段注入恶意引导程序，最终执行高度混淆凭证窃取与自传播框架。

Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. [...]

Как пройдёт День Победы в столице в 2026 году.

根据发表在《People and Nature》期刊上的一项研究，欧洲大山雀和其它 36 种鸟更惧怕女性，原因未知。研究显示，在鸟儿飞走前男性能比女性多靠近大约一米距离。无论男女衣着，是否长发，身高如何，以何种方式接近鸟，这种现象始终存在。鸟类或许能辨别人类的性别，但具体机制并不清楚。研究人员观察了生活在五个欧洲国家城市中心的鸟类，其中包括已知一见到人类就会飞走的鸟类如喜鹊，以及倾向于稍迟才飞走的鸟类如鸽子。对女性表现出过度恐惧的反应在不同鸟类中间是一致的。研究人员猜测鸟可能通过气味或步态辨别性别。

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been declared as critical. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. This vulnerability is identified as CVE-2026-7420. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been classified as critical. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. This vulnerability is referenced as CVE-2026-7419. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535 and classified as critical. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The identification of this vulnerability is CVE-2026-7418. The attack may be launched remotely. Furthermore, there is an exploit available.

Global study shows targeted internet censorship worldwide, with Russia leading; VPNs, news, and adult content are most frequently blocked categories. The Global Internet Censorship Index 2026 offers a clear view of how governments around the world control online access. Researchers tested 74 popular websites across 53 countries using residential proxies to simulate real users. After […]

A vulnerability has been found in Algovate xhs-mcp 0.8.11 and classified as critical. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery. This vulnerability was named CVE-2026-7417. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, was found in Jenkins HTML Publisher Plugin up to 427. Affected by this issue is some unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-42524. The attack can be launched remotely. No exploit exists.

Swiss and German law enforcement have arrested 10 suspected members of the Nigerian criminal network Black Axe, including a regional leader believed to oversee operations in Southern Europe.

Submit #803997 / VDB-360157

Submit #803994 / VDB-360156

Submit #803993 / VDB-360155