Aggregator

A vulnerability, which was classified as critical, has been found in libexif up to 0.6.25. Impacted is an unknown function of the component Nikon MakerNote Handler. This manipulation causes integer overflow. This vulnerability appears as CVE-2026-40385. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as critical was found in libexif up to 0.6.25. This issue affects some unknown processing of the component MakerNote Decoding. The manipulation results in integer underflow. This vulnerability is reported as CVE-2026-40386. The attack can be launched remotely. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability marked as problematic has been reported in Python CPython up to 3.14.x. The impacted element is an unknown function of the component HTTP Client Proxy Tunnel Handler. Performing a manipulation results in crlf injection. This vulnerability was named CVE-2026-1502. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in vim up to 9.2.275. Impacted is the function mapset of the component Command Line Handler. Executing a manipulation can lead to os command injection. This vulnerability appears as CVE-2026-34982. The attack requires local access. There is no available exploit. Upgrading the affected component is advised.

《传送门2（Portal 2）》自 2011 年 4 月发布至今已有 15 年，期间模组开发者推出了多个衍生版本，包括《Portal Stories: Mel》、《Aperture Tag: The Paint Gun Testing Initiative》以及《Portal Reloaded》等，现在由 P2:CE Team 开发的最新社区版本《传送门2社区版（Portal 2: Community Edition）》将于 4 月 18 日公测。《社区版》升级了引擎，使用了官方授权、基于 CS:GO 的 Source 引擎重度修改版本 Strata Source，原生支持 64 位改进了性能，新增原生 DirectX 11 支持，移除了旧引擎的很多限制，更新或改进了游戏玩法，提供了允许玩家轻松扩展游戏机制的脚本框架 AngelScript，采用了 Source 2 引擎的 Panorama UI 框架等等。《社区版》将免费提供给现有的《传送门2》玩家。

A vulnerability was found in SourceCodester Computer and Mobile Repair Shop Management System 1.0 and classified as critical. Affected is an unknown function of the file /rsms/admin/services/view_service.php. Such manipulation leads to sql injection. This vulnerability is listed as CVE-2026-36947. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in SourceCodester Computer and Mobile Repair Shop Management System 1.0 and classified as critical. This impacts an unknown function of the file /rsms/admin/inquiries/view_details.php. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-36946. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.167/6.6.130/6.12.79/6.18.20/6.19.10. This affects the function process_sdp of the component nf_conntrack_sip. The manipulation results in uninitialized pointer. This vulnerability is identified as CVE-2026-31427. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. The impacted element is an unknown function of the component netfilter. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2026-31424. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.167/6.6.130/6.12.79/6.18.20/6.19.10. The affected element is the function __build_packet_message of the component netfilter. Executing a manipulation can lead to uninitialized pointer. The identification of this vulnerability is CVE-2026-31428. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. Impacted is the function rds_ib_get_mr of the component Control Message Handler. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2026-31425. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.167/6.6.130/6.12.79/6.18.20/6.19.10. This issue affects the function acpi_ec_setup of the file kernel/locking/mutex.c. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2026-31426. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]

На кону стоят суммы, которые заставляют забыть о правилах приличия.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. This vulnerability affects the function rtsc_min. This manipulation causes divide by zero. This vulnerability is handled as CVE-2026-31423. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. This affects the function ip6_datagram_send_ctl in the library include/net/ipv6.h of the component Control Message Handler. The manipulation results in denial of service. This vulnerability is known as CVE-2026-31415. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. Affected by this issue is the function flow_change. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2026-31422. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. Affected by this vulnerability is the function mtype_del of the component netfilter. Executing a manipulation can lead to privilege escalation. This vulnerability appears as CVE-2026-31418. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. It has been rated as critical. Affected is the function x25_clear_queues. Performing a manipulation results in buffer overflow. This vulnerability is reported as CVE-2026-31417. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.