Posts of last 24 hours
https://buaq.net/go-427688.html
速修复
https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526554&idx=2&sn=a27aaa71c65d41624951f15559b6ae94
速修复
https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526554&idx=1&sn=62d794dc43dc49ccb43d31be669f3712
A vulnerability was found in Harness up to 2.28.2 and classified as problematic. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass.
This vulnerability is handled as CVE-2026-15036. The attack can be executed remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.
https://vuldb.com/vuln/376787
A vulnerability has been found in bentoml OpenLLM 0.6.30 and classified as critical. This affects the function async_run_command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection.
This vulnerability is known as CVE-2026-15035. Attacking locally is a requirement. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
https://vuldb.com/vuln/376786
Submit #851013 / VDB-376787
https://vuldb.com/submit/851013
Reddit 用户报告 LG 显示器会静默安装 Windows 广告程序。而戴尔和 Alienware 显示器被发现也存在类似的行为。分析发现,LG 显示器会通过 Microsoft Store 和 Windows Update 自动安装名为 LG Monitor App Installer 的安装程序,LG Monitor App 会开机启动,会弹出广告,比如将用户导向迈克菲的杀毒软件。LG Monitor App 无法通过 Microsoft Store 卸载,阻止其弹出广告的方法是禁止其开机启动(位于 设置>应用>启动 中)。而禁止显示器自动安装程序的方法是干脆完全禁用 Microsoft Store。
https://www.solidot.org/story?sid=84781
A vulnerability, which was classified as problematic, was found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2026-15034. The attack may be launched remotely. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.
https://vuldb.com/vuln/376785
Как перестать управлять сетью по памяти и выстроить инфраструктуру, которая не рассыпается при первом сбое.
https://www.securitylab.ru/analytics/535519.php