Aggregator

Формальным поводом для экстренного бана стала уязвимость, которая есть и у конкурентов.

The gap between vulnerability discovery and real-world exploitation is collapsing. Mythos is an AI

​抠抠搜搜算了半天 Token，结果用不上了。

6月13日，据上海市网信办，近期，在国家网信办指导下，上海市网信办针对属地部分企业网络数据安全主体责任履行不到位、安全管理防护措施缺失、后端处理数据合规能力不足、数据出境合规审计不严等问题办理了一批执

A vulnerability described as critical has been identified in Koel up to 9.3.4. Affected by this issue is the function Http::sink of the component DNS Resolution Handler. Executing a manipulation can lead to server-side request forgery. This vulnerability is registered as CVE-2026-47260. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Discourse up to 2026.1.3/2026.3.0/2026.4.0. This vulnerability affects unknown code of the file name/logs.json of the component SMTP Password Handler. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2026-44784. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability has been found in Discourse up to 2026.1.3/2026.3.0/2026.4.0 and classified as problematic. The impacted element is an unknown function of the component Setting Handler. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2026-47264. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in apostrophecms apostrophe up to 3.6.0. This issue affects some unknown processing. Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-42853. The attack needs to be approached locally. There is no available exploit.

A vulnerability described as problematic has been identified in nezhahq nezha up to 2.0.7. The impacted element is the function Send of the file /api/v1/notification. Such manipulation leads to incorrect authorization. This vulnerability is listed as CVE-2026-46717. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability has been found in HashThemes Hash Elements Plugin up to 1.5.4 on WordPress and classified as problematic. This affects an unknown part. Performing a manipulation results in exposure of sensitive system information to an unauthorized control sphere. This vulnerability is cataloged as CVE-2026-24618. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in apostrophecms apostrophe up to 4.29.0. Impacted is an unknown function of the component Reset Handler. Executing a manipulation can lead to weak password recovery. The identification of this vulnerability is CVE-2026-45013. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Mattermost up to 10.11.15/10.11.16/11.5.4/11.6.1/11.6.x. The impacted element is an unknown function of the component Role Patch API. Such manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2026-6739. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability was found in nezhahq nezha up to 2.0.13 and classified as problematic. This affects an unknown part of the component GET Request Handler. Such manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2026-49396. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Mattermost up to 10.11.15/10.11.16/11.5.4/11.6.1/11.6.x and classified as critical. This affects an unknown function of the component Shared Channel Handler. Performing a manipulation of the argument filename results in path traversal. This vulnerability was named CVE-2026-6961. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as critical has been found in SimpleHelp up to 5.5.15/6.0 RC1. Affected is an unknown function of the component Multi-Factor Authentication. Performing a manipulation results in improper verification of cryptographic signature. This vulnerability is reported as CVE-2026-48558. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Grafana Operator up to 5.23.0. The affected element is an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is handled as CVE-2026-11769. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1. The affected element is an unknown function. The manipulation leads to risky cryptographic algorithm. This vulnerability is listed as CVE-2026-40996. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper authentication. This vulnerability appears as CVE-2026-40995. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1 and classified as critical. This affects an unknown function. This manipulation causes insecure default initialization of resource. This vulnerability is registered as CVE-2026-40994. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Атака на Mackay Sugar показала, насколько уязвима пищевая промышленность.