Aggregator

A vulnerability was found in BFG Tools Plugin up to 1.0.7 on WordPress. It has been rated as critical. Affected is the function zip of the file /wp-content/plugins/. The manipulation of the argument first_file leads to path traversal. This vulnerability is referenced as CVE-2025-13681. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Santesoft Sante DICOM Viewer Pro 14.2.0. It has been declared as critical. This impacts an unknown function of the component DCM File Parser. Executing a manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2026-2034. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MLflow. It has been classified as critical. This affects an unknown function of the component Artifact Handler. Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-2033. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in HP App on Android and classified as problematic. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-1578. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Kanboard up to 1.2.49 and classified as problematic. The affected element is the function TaskCreationController::duplicateProjects of the component Incomplete Fix CVE-2023-33968. This manipulation causes missing authorization. This vulnerability is handled as CVE-2026-25531. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]

Шах и мат, литий-ионные батареи!

Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment help SOC teams prioritize high-risk IPs and accelerate investigations without leaving QRadar. [...]

中国载人航天办公室宣布于 2 月 11 日成功完成了长征十号运载火箭系统低空演示验证与梦舟载人飞船系统最大动压逃逸飞行试验，其中火箭第一级在分离之后重新点燃助推器，减速缓慢降落在停留的回收驳船附近，第一级于 2 月 13 日成功回收，这是中国首次在海上实施运载火箭搜索回收任务，朝着火箭可重复使用迈出了重要一步。长征十号运载火箭主要用于载人月球探测任务，此次测试的是其缩小版，梦舟飞船则将取代目前使用的神舟飞船。长征十号第一级以及梦舟都设计可重复使用多次。

Он не пишет код за вас, а буквально предугадывает желания в реальном времени.

科学家警告地球正接近气候变化的临界点，越过临界点可能会导致全球暖化失控，无法遏制，世界将陷入地狱般的温室地球气候，将与过去 1.1 万年人类文明经历的温和气候截然不同。最近几年地球气温只上升了 1.3 摄氏度，但极端天气已经在全球范围内夺走大量生命和摧毁无数人的生计。如果气温上升的幅度达到 3-4 摄氏度，那么经济和社会将无法像我们所熟知的那样运转。科学家表示，何时触发临界点难以预测，但最重要是采取预防措施，大幅削减化石燃料的消耗。

Currently trending CVE - Hype Score: 3 - A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

Кажется, теперь из фейсбука нельзя уйти даже вперед ногами.

漏洞描述CAI 是一个人工智能安全的框架。在包括0.5.10版本及之前的版本中，CAI 框架的函数工具中包含多个参数注入漏洞。用户控制的输入通过“subprocess”直接传递给shell命令。Popen（）' 带有 'shell=True'，允许攻击者在主机系统上执行任意命令​漏洞影响评分：9.7版本：<=0.5.10漏洞分析攻击者创建一个看似正常的网络安全博客页面，将恶意指令隐藏在HTM

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9. Impacted is the function nft_map_catchall_activate of the component nf_tables. The manipulation results in improper update of reference count. This vulnerability is known as CVE-2026-23111. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.9. This issue affects the function nvmet_tcp_build_pdu_iovec of the component nvmet-tcp. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2026-23112. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.