Aggregator

A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.5. The affected element is the function run_unpack of the component ntfs3. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-71265. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

保姆级讲解CC1-7（跟踪代码调试+讲解）

结合代码分析：CVE-2026-28409 WeGIA 远程代码执行漏洞

JDK17后的高版本触发toString整合

之前2023年浙江省赛的一道Java题目，题目涉及的Java漏洞点挺多的，有关 ● springboot限定版本的%2e绕过Trick ● apache-ant的zipslip漏洞 ● Enjoy国产模板引擎注入 ● JDK18环境下的内存马打入

Currently trending CVE - Hype Score: 5 - Windows Themes Spoofing Vulnerability

Currently trending CVE - Hype Score: 8 - Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, ...

Currently trending CVE - Hype Score: 23 - A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may ...

Currently trending CVE - Hype Score: 11 - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to cause unexpected system termination or write kernel memory.

Currently trending CVE - Hype Score: 6 - Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

Currently trending CVE - Hype Score: 18 - A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The ...

Currently trending CVE - Hype Score: 1 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...

Currently trending CVE - Hype Score: 7 - An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.  The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.  This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 ...

Currently trending CVE - Hype Score: 17 - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a ...

Currently trending CVE - Hype Score: 8 - SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, ...

Спрос на взлом iOS и Android привел к стагнации рынка альтернативных киберразработок.

A vulnerability was found in Red Hat Keycloak. It has been rated as critical. This affects an unknown part of the component Client Configuration Handler. This manipulation causes server-side request forgery. This vulnerability appears as CVE-2026-4366. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in nicolargo glances up to 4.5.1 and classified as problematic. This affects an unknown part of the component REST API. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-32596. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability identified as critical has been detected in lxc incus-os up to 20260314. The impacted element is an unknown function. The manipulation of the argument PCR7 leads to insufficiently protected credentials. This vulnerability is traded as CVE-2026-32606. It is possible to launch the attack on the physical device. There is no exploit available. You should upgrade the affected component.

A vulnerability described as problematic has been identified in CraftCMS azure-blob up to 2.1.0. This affects the function actionLoadContainerData. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2026-32268. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.