Posts of last 24 hours
看雪论坛作者ID:F0xm1ao
https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458617507&idx=2&sn=be31462aef573f12084964126ad5b3af
真设备・真项目・真内推
https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458617507&idx=1&sn=9ff58656e561d23869fac466deedfb43
上周关注度较高的产品安全漏洞(20260706-20260712)
https://mp.weixin.qq.com/s?__biz=MzU3ODM2NTg2Mg==&mid=2247497100&idx=2&sn=ac9146bfb4881155b3fb28465f9109c4
国家信息安全漏洞共享平台(以下简称CNVD)本周共收集、整理信息安全漏洞428个,其中高危漏洞237个、中危漏洞145个、低危漏洞46个。
https://mp.weixin.qq.com/s?__biz=MzU3ODM2NTg2Mg==&mid=2247497100&idx=1&sn=2d293d88cb0b49d8ea0a7615081e96d2
A vulnerability categorized as problematic has been discovered in HAPI FHIR 5.4.0/6.4.0. This impacts the function FHIRPathEngine.matches. Such manipulation leads to inefficient regular expression complexity.
This vulnerability is referenced as CVE-2026-55470. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
https://vuldb.com/vuln/372591
A vulnerability was found in bytecodealliance wasmtime up to 24.0.10/36.0.11/45.0.2/46.0.0. It has been classified as problematic. This affects an unknown function of the component Filesystem Interface. This manipulation causes permission issues.
This vulnerability is handled as CVE-2026-58494. The attack can be initiated remotely. There is not any exploit available.
https://vuldb.com/vuln/377012
A vulnerability, which was classified as critical, has been found in zopefoundation RestrictedPython up to 8.2. Affected is the function check_function_argument_names of the component Argument Validation. This manipulation of the argument Local causes improper access controls.
This vulnerability is registered as CVE-2026-55830. Remote exploitation of the attack is possible. No exploit is available.
https://vuldb.com/vuln/377036
A vulnerability, which was classified as very critical, was found in fluent Fluentd up to 1.19.2. Affected by this vulnerability is an unknown functionality of the component out_file. Such manipulation of the argument path leads to path traversal.
This vulnerability is documented as CVE-2026-44024. The attack can be executed remotely. There is not any exploit available.
https://vuldb.com/vuln/377037
A vulnerability was found in grokability Snipe-IT up to 8.5.0 and classified as problematic. This affects an unknown part of the component API Endpoint. Executing a manipulation can lead to improper authorization.
This vulnerability appears as CVE-2026-48492. The attack may be performed from remote. There is no available exploit.
https://vuldb.com/vuln/377039
A vulnerability was found in fluent Fluentd up to 1.19.2. It has been classified as critical. This vulnerability affects unknown code of the component in_http/in_forward plugins. The manipulation leads to uncontrolled memory allocation.
This vulnerability is traded as CVE-2026-44160. It is possible to initiate the attack remotely. There is no exploit available.
https://vuldb.com/vuln/377040