Aggregator

CVE-2026-53901 | cerebrate up to 1.36 add params dynamically-determined object attributes (EUVD-2026-36216)

1 week 5 days ago

A vulnerability was found in cerebrate up to 1.36. It has been declared as critical. This vulnerability affects the function Add. The manipulation of the argument params results in dynamically-determined object attributes. This vulnerability is reported as CVE-2026-53901. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-53465 | ImageMagick up to 7.1.2-24 SF3 Encoder heap-based overflow (GHSA-44cp-c3ww-9rv5 / EUVD-2026-36192)

Vuldb Updates

1 week 5 days ago

A vulnerability was found in ImageMagick up to 7.1.2-24. It has been declared as critical. This affects an unknown part of the component SF3 Encoder. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is handled as CVE-2026-53465. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-53737 | saas.group Juicer up to 1.12.18 Setting cross site scripting (EUVD-2026-36138)

Vuldb Updates

1 week 5 days ago

A vulnerability was found in saas.group Juicer up to 1.12.18. It has been rated as problematic. The affected element is an unknown function of the component Setting Handler. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-53737. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

DragonForce

Dark Feed IO

1 week 5 days ago

You must login to view this content

cohenido

CVE-2026-41696 | Vmware Spring Data MongoDB up to 5.0.5 String data query logic injection (CNNVD-202606-2872)

Vuldb Updates

1 week 5 days ago

A vulnerability was found in Vmware Spring Data MongoDB up to 5.0.5. It has been rated as problematic. The affected element is an unknown function of the component String Handler. The manipulation leads to improper neutralization of special elements in data query logic. This vulnerability is listed as CVE-2026-41696. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

vuldb.com

CVE-2026-41008 | Vmware Spring Security/Spring Authorization Server Authorization Endpoint request_uri redirect (CNNVD-202606-2874)

Vuldb Updates

1 week 5 days ago

A vulnerability was found in Vmware Spring Security and Spring Authorization Server. It has been declared as problematic. Impacted is an unknown function of the component Authorization Endpoint. Executing a manipulation of the argument request_uri can lead to open redirect. This vulnerability is tracked as CVE-2026-41008. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

vuldb.com

CISA orders federal agencies to “patch smarter”

Help Net Security

1 week 5 days ago

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly published vulnerabilities and by AI tools that are accelerating both security research and exploit development on the attacker side. Towards risk-based vulnerability management BOD 26-04 introduces a framework that allow federal civilian Executive … More →

The post CISA orders federal agencies to “patch smarter” appeared first on Help Net Security.

Zeljka Zorz

ИИ поставили перед настоящей математикой — а он едва вытянул на тройку

Securitylab.ru

1 week 5 days ago

Проект First Proof дал первые результаты… только вот они оказались неутешительными.

面试官皱眉：“你知道 Claude Code 记忆机制吗？” 我：“何止知道？我还看过源码”，他又愣了…

君哥的体历

1 week 5 days ago

Claude Code 的记忆机制，本质上是解决 LLM 无状态问题的一种分层设计。从源码来看，它把短期上下文、工作记忆与长期存储拆开，让 Agent 能形成“执行→回顾→改进”的闭环。这套实现思路不只在 AI 编程中有用，对理解智能体行为逻辑有借鉴意义。

Lynx

Dark Feed IO

1 week 5 days ago

You must login to view this content

cohenido

【工具】CodeStatistics - 开源代码行数统计工具

NOVASEC

1 week 5 days ago

【工具】CodeStatistics - 开源代码行数统计工具

已知(x-a)^2+(y-b)^2=r^2，求cx+dy最大最小值

青衣十三楼飞花堂

1 week 5 days ago

建议手工推导，推出来后，背一下这个结论，赚死。

SecWiki News 2026-06-11 Review

SecWiki News(国内外安全资讯)

1 week 5 days ago

今日暂未更新资讯~
更多最新文章，请访问SecWiki

CVE-2026-48855 | Erlang OTP ssh_sftpd.erl information disclosure (GHSA-pv7g-pjrq-x2fh / Nessus ID 320494)

Vuldb Updates

1 week 5 days ago

A vulnerability classified as problematic has been found in Erlang OTP. The impacted element is an unknown function in the library lib/ssh/src/ssh_sftpd.erl. This manipulation causes information disclosure. This vulnerability is handled as CVE-2026-48855. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-48856 | Erlang OTP httpc_response.erl host redirect (GHSA-m75x-4vwg-ggjh / Nessus ID 320495)

Vuldb Updates

1 week 5 days ago

A vulnerability was found in Erlang OTP. It has been declared as problematic. This vulnerability affects unknown code in the library lib/inets/src/http_client/httpc_response.erl. Such manipulation of the argument host leads to open redirect. This vulnerability is listed as CVE-2026-48856. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-53689 | sahlberg libnfs up to up to 6.0.2 NFS lib/libnfs-zdr.c libnfs_zdr_string improper validation of specified quantity in input (Nessus ID 320496)

Vuldb Updates

1 week 5 days ago

A vulnerability, which was classified as problematic, was found in sahlberg libnfs up to up to 6.0.2. The impacted element is the function libnfs_zdr_string in the library lib/libnfs-zdr.c of the component NFS Handler. Such manipulation leads to improper validation of specified quantity in input. This vulnerability is referenced as CVE-2026-53689. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

vuldb.com

CVE-2026-48858 | Erlang OTP up to 6.x PASV ftp_internal.erl server-side request forgery (GHSA-24cv-hwgr-37fq / Nessus ID 320497)

Vuldb Updates

1 week 5 days ago

A vulnerability categorized as critical has been discovered in Erlang OTP up to 6.x. Impacted is an unknown function in the library lib/inets/src/ftp/ftp_internal.erl of the component PASV Handler. Executing a manipulation can lead to server-side request forgery. This vulnerability is registered as CVE-2026-48858. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

vuldb.com

Authorities dismantle 'AudiA6' ransomware crypto-laundering service

Bleeping Computer.

1 week 5 days ago

Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]

Bill Toulas

GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks

Cyber Security News

1 week 5 days ago

GitHub has announced a major security-focused update to the Node Package Manager (npm), introducing breaking changes in the upcoming npm v12 release to reduce software supply chain attack risks significantly. The update, expected in July 2026, will turn off automatic execution of installation scripts by default, one of the most commonly abused mechanisms in malicious […]

The post GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks appeared first on Cyber Security News.

Abinaya

科技巨头大举借债

Solidot

1 week 5 days ago

为了投资建设 AI 基础设施，科技巨头们正大举借债，规模达到了千亿美元。Google 母公司 Alphabet 一周前表示，计划过股票销售筹集 800 亿美元；Meta 宣布计划通过销售债券筹集 300 亿美元；亚马逊计划在加拿大发行债筹集 140 亿美元，紧跟着又与花旗、摩根大通、富国、汇丰和美银证券等达成协议借款约 175 亿美元总融资 315 亿美元。为了资助 AI 基础设施如芯片和数据中心，主要科技公司的支出都创下了历史新高。如此高的投资引发了回报相关的疑问。

Aggregator

Managed ad