A vulnerability was found in yangzongzhuan RuoYi up to 4.8.2. It has been declared as critical. This issue affects unknown processing in the file /monitor/job/ of the component Quartz Job Handler. Manipulation of the argument invokeTarget leads to code injection.
This vulnerability is referenced as CVE-2026-4564. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in MacCMS up to 2025.1000.4052. It has been classified as problematic. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. Manipulation of the argument order_id causes an authorization bypass.
This vulnerability is identified as CVE-2026-4563. It is possible to initiate the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in MacCMS 2025.1000.4052 and classified as critical. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication.
This vulnerability was named CVE-2026-4562. The attack may be performed remotely. In addition, an exploit is available.