Aggregator

23-го апреля 2026-го года в Москве пройдет CIRF- конференция про ИБ свободная от официоза.

A vulnerability was found in phpseclib up to 1.0.26/2.0.51/3.0.49. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes observable timing discrepancy. The identification of this vulnerability is CVE-2026-32935. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability identified as problematic has been detected in NaturalIntelligence fast-xml-parser up to 5.5.5. Affected is the function replaceEntitiesValue. Performing a manipulation results in xml entity expansion. This vulnerability is identified as CVE-2026-33036. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical has been found in alexcrichton tar-rs up to 0.4.44. This impacts an unknown function. Performing a manipulation results in type confusion. This vulnerability is reported as CVE-2026-33055. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in strukturag libde265 up to 1.0.16. This vulnerability affects the function ctb_info.log2unitSize of the component Image Parser. Such manipulation of the argument PicWidthInCtbsY/PicHeightInCtbsY leads to out-of-bounds write. This vulnerability is traded as CVE-2026-33165. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability described as critical has been identified in strukturag libde265 up to 1.0.16. Impacted is the function pic_parameter_set::set_derived_values. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is handled as CVE-2026-33164. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in libfuse up to 3.18.1. The impacted element is the function fuse_uring_start of the component FUSE File Parser. The manipulation results in use after free. This vulnerability was named CVE-2026-33150. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in pydicom up to 3.0.1. This impacts an unknown function of the component DICOM File Parser. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2026-32711. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Microsoft Windows. Impacted is an unknown function of the component Kernel. Executing a manipulation can lead to race condition. This vulnerability is handled as CVE-2025-62215. It is possible to launch the attack on the local host. Additionally, an exploit exists. It is advisable to implement a patch to correct this issue.

主要分析某大型oa前台0day挖掘

Инфостилеры научились обходить шифрование v20_master_key, подсматривая в память браузера.

2026年Django爆出的SQL注入漏洞CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation 看描述有点意思，似乎是解决了我一直无法bypass的一个点，于是进行深入分析下

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解其主要观点。 文章开头提到2024年印度因网络诈骗损失了22845亿卢比，比前一年增加了206%。这说明问题非常严重。接着，作者赞扬了CERT-In等团队的努力，并指出问题不是因为他们的不尽力，而是现有的结构无法应对问题。 然后，文章描述了恶意链接在不同平台上传播的情况，比如WhatsApp、Instagram和X（推特）等，导致普通用户如祖母点击后损失积蓄。这表明问题的实际影响很大。 作者分析了根本原因：各个平台各自运行检测系统，不共享情报，导致恶意链接在不同平台之间传播延迟。再加上AI生成的钓鱼链接难以辨别，情况更加恶化。 解决方案是建立一个开源的恶意链接检测API，由CERT-In、Meta、Google、X等共同维护，实现统一的威胁情报层和实时响应。作者认为现有的机构框架存在，但缺乏技术标准。 最后，作者呼吁开发者和政策制定者合作，并询问是否有类似项目在进行中以及可能的障碍。 总结时需要涵盖关键点：网络诈骗损失增加、现有结构的问题、平台间缺乏合作、AI带来的挑战、提出的解决方案以及呼吁合作。控制在100字以内，直接描述内容。 印度2024年网络诈骗损失达2.28万亿卢比,同比增长206%。现有平台间检测系统孤立,情报不共享,导致恶意链接传播延迟。AI生成钓鱼链接加剧风险。建议建立开源统一检测API,由CERT-In等共同维护,实现实时同步响应,提升整体网络安全水平。

A vulnerability, which was classified as critical, was found in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. The affected element is an unknown function of the component Telnet/SSH. Such manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-22321. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. It has been classified as critical. This impacts an unknown function of the component POST Parameter Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-22319. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. It has been declared as critical. Affected is an unknown function of the component Telnet/SSH. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-22320. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in VMware Spring AI up to 1.0.3/1.1.2. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component AbstractFilterExpressionConverter. This manipulation causes injection. This vulnerability is registered as CVE-2026-22729. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in VMware Spring AI up to 1.0.3/1.1.2. Affected by this issue is some unknown functionality of the component MariaDBFilterExpressionConverter. Such manipulation leads to sql injection. This vulnerability is documented as CVE-2026-22730. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. This affects an unknown part of the component Link Aggregation Configuration Interface. Performing a manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2026-22323. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability described as problematic has been identified in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. Impacted is an unknown function of the component Link Aggregation Configuration Interface. The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-22322. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.