Aggregator

A vulnerability, which was classified as problematic, was found in Realterm Serial Terminal 2.0.0.70. This affects an unknown part. Executing a manipulation of the argument Port can lead to improper handling of overlap between protected memory ranges. The identification of this vulnerability is CVE-2019-25570. The attack can only be executed locally. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. This vulnerability is known as CVE-2026-4516. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in NordVPN 6.19.6. This vulnerability affects unknown code. This manipulation of the argument email causes improper handling of overlap between protected memory ranges. This vulnerability appears as CVE-2019-25572. The attack requires local access. In addition, an exploit is available.

A vulnerability has been found in MediaMonkey 4.1.23.1881 and classified as problematic. This vulnerability affects unknown code of the component MP3 Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2019-25571. The attack can only be performed from a local environment. Furthermore, an exploit is available.

Bitrefill подводит итоги взлома.

全世界可能多达九成的人感染了人类多瘤病毒 2——aka JC 病毒，以首位分离出该病毒的患者 John Cunningham 的名字首字母命名。除非被激活，对大部分人而言这种病毒不会有症状。如果激活，病毒会破坏大脑，导致“进行性多灶性白质脑病（缩写 PML）”。PML 型的 JC 病毒会破坏特定的脑细胞，导致神经细胞功能障碍和死亡。PML 被认为非常罕见，但在艾滋病出现之后，在流行早期有 2% 至 5% 的 HIV 感染者会同时出现 PML。这意味着艾滋病相关联的严重免疫抑制可能是 PML 的一种激活条件。现在，根据发表在《Annals of Internal Medicine Case》期刊上的一项研究，研究人员报告了 PML 的另一种可能的激活条件——慢性肾脏病。相比 HIV，慢性肾脏病影响全世界十分之一的人口，慢性肾脏病激活 PML 型 JC 病毒可能会带来严重后果，需要警惕。

漏洞来源一个评分十分的漏洞漏洞描述WeKnora 是一个基于 LLM 的框架，旨在实现深度文档理解和语义检索。在 0.2.12 版本之前，该应用程序的数据库查询功能存在远程代码执行 (RCE) 漏洞。验证系统未能递归检查 PostgreSQL 数组表达式和行表达式中的子节点，这使得攻击者能够绕过 SQL 注入保护。攻击者可以通过在这些表达式中嵌入危险的 PostgreSQL 函数，并将其与大型对象

今日暂未更新资讯~
更多最新文章，请访问SecWiki

记一次漏洞挖掘，借鉴的是D-Link DIR 615645815 service.cgi远程命令执行漏洞的思路，定位system危险函数，然后去看看能否控制参数等。

学点高级玩意儿

针对25年较新的一套SpringBoot+Vue在线教育(在线学习)系统进行代码审计

A vulnerability labeled as critical has been found in Craft CMS up to 4.17.4/5.9.10. This affects the function replaceFile. Such manipulation of the argument targetFilename leads to path traversal. This vulnerability is documented as CVE-2026-32262. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Chamilo LMS up to 1.11.35. This impacts an unknown function. Performing a manipulation of the argument keyword results in cross site scripting. This vulnerability is reported as CVE-2026-30882. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Mattermost up to 11.2.2/11.3.0. Affected by this vulnerability is an unknown functionality of the component Playbook Run API. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2026-26304. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.10/11.3.x. Affected by this issue is some unknown functionality of the component Private Channel Handler. The manipulation results in operation on a resource after expiration. This vulnerability is known as CVE-2026-1629. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.11.10/11.3.x. This affects an unknown part of the component API Endpoint. This manipulation causes incorrect authorization. This vulnerability is handled as CVE-2026-26230. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Forgejo up to 13.0.3. It has been classified as problematic. The affected element is an unknown function of the component File Attachment Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-68971. Remote exploitation of the attack is possible. No exploit is available.

针对厂区接入云端高敏AI模型的迫切需求，本文提出采用IPsec VPN实现低成本、高安全的云地互联方案。文章简述IPsec工作原理，并提供可参考的实战架构拓扑、加密策略、访问控制的安全实战落地指南。