Aggregator

A vulnerability, which was classified as critical, was found in Red Hat Logging Subsystem for OpenShift, OpenShift Container Platform and OpenShift Distributed Tracing. This affects an unknown function of the component Issue Checking. Executing a manipulation can lead to authentication bypass by spoofing. This vulnerability is registered as CVE-2024-5037. It is possible to launch the attack remotely. No exploit is available. It is advisable to implement a patch to correct this issue.

A vulnerability, which was classified as critical, has been found in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. This vulnerability is referenced as CVE-2026-6572. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. This vulnerability was named CVE-2026-6570. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The identification of this vulnerability is CVE-2026-6571. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. This vulnerability is identified as CVE-2026-6573. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in osuuu LightPicture up to 1.2.2 and classified as critical. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. This vulnerability is listed as CVE-2026-6574. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

NASA JPL 工程师于 4 月 17 日向旅行者 1 号发送指令，关闭低能带电粒子仪（LECP）以节省电力维持探测器的运行。旅行者 1 号与旅行者 2 号都携带了 10 个科学仪器，过去 49 年已有 7 个仪器关闭，剩下 3 个仪器——LECP，三轴磁通门磁强计（MAG）和电浆波系统（PWS）还在运行中。LECP 被用于测量低能带电粒子，包括来自太阳系和银河系的离子、电子和宇宙射线。LECP 提供了星际介质结构的关键数据，探测到日球层外的压力锋面和粒子密度变化区域。旅行者 1 号是距离地球最遥远的人造探测器，也是唯一能探测此类信息的探测器。旅行者号使用放射性同位素热电机作为动力，每年损失约 4 瓦的功率，今年 2 月 27 日工程师检测到功率的意外下降，如果功率再下降将会触发低电压故障保护系统，为保护探测器而关闭组件。而恢复组件将是一个漫长且充满风险的过程。工程团队因此决定主动关闭仪器以节省电力，他们在三个仍正常工作的仪器中选择了 LECP。工程师估计关闭 LECP 能为旅行者 1 号提供一年的喘息时间，计划在此期间完善名为“Big Bang”的节能方案，以进一步延长旅行者号的运行时间。

A vulnerability categorized as critical has been discovered in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. This vulnerability is registered as CVE-2026-6606. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in modelscope agentscope up to 1.0.18. It has been rated as critical. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-6605. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...]

A vulnerability was found in modelscope agentscope up to 1.0.18. It has been declared as critical. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument image_url/audio_file_url leads to server-side request forgery. This vulnerability is listed as CVE-2026-6604. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in modelscope agentscope up to 1.0.18. It has been classified as critical. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. This vulnerability is tracked as CVE-2026-6603. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in IBM AIX 4.3.2. This affects an unknown part of the file genfilt of the component Packet Filter. Such manipulation leads to improper privilege management. This vulnerability is listed as CVE-1999-0903. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Apple Mac OS 9. This vulnerability affects unknown code of the component Console Lockout. Performing a manipulation results in improper authentication. This vulnerability is cataloged as CVE-1999-1076. The attack must be initiated from a local position. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Microsoft Windows NT 4.0. This issue affects the function SamrOpenDomain/SamrEnumDomainUsers/SamrQueryDomainInfo of the file lsass.exe of the component LSA. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-1999-1234. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Falcon Falcon Web Server 1.0.0.1006. Impacted is an unknown function. The manipulation as part of Long File Name leads to information disclosure (Path). This vulnerability is documented as CVE-1999-0882. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Netscape Communicator 4.7. This affects an unknown function of the component Certificate Key Handler. Such manipulation as part of Long Key leads to improper privilege management. This vulnerability is traded as CVE-1999-1226. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Microsoft Internet Explorer 4/5 and classified as critical. Affected by this issue is some unknown functionality of the component Word 97 Template Handler. The manipulation results in improper privilege management. This vulnerability was named CVE-1999-0354. The attack may be performed from remote. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability was found in Microsoft Internet Explorer up to 5.0. It has been classified as critical. This affects an unknown part of the component Sub-Frame Handler. This manipulation causes authentication bypass by spoofing (Frame). The identification of this vulnerability is CVE-1999-0827. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in HP Secure Web Console. It has been declared as critical. This vulnerability affects unknown code. Such manipulation leads to improper authentication. This vulnerability is referenced as CVE-1999-0829. It is possible to launch the attack remotely. No exploit is available.