Aggregator

A vulnerability was found in SAP Material Master Application. It has been classified as problematic. The impacted element is an unknown function. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-27672. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in NERDVANA Crypt::SecretBuffer up to 0.018 on Perl and classified as problematic. The affected element is an unknown function. Such manipulation leads to observable timing discrepancy. This vulnerability is uniquely identified as CVE-2026-5086. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in jqlang jq and classified as problematic. Impacted is the function jv_string_indexes of the file src/builtin.c. This manipulation causes out-of-bounds read. This vulnerability is handled as CVE-2026-39956. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability, which was classified as problematic, was found in ImageMagick up to 6.9.13-43/7.1.2-18. This issue affects some unknown processing of the component Image Parser. The manipulation results in integer overflow. This vulnerability is known as CVE-2026-34238. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in ImageMagick up to 6.9.13-43/7.1.2-18. This vulnerability affects the function DestroyXMLTree. The manipulation leads to uncontrolled recursion. This vulnerability is traded as CVE-2026-33908. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in ImageMagick up to 6.9.13-43/7.1.2-18. This affects an unknown part of the component Image Parser. Executing a manipulation can lead to out-of-bounds read. This vulnerability appears as CVE-2026-33905. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in thimpress LearnPress Plugin up to 4.3.2.8 on WordPress. Affected by this issue is the function delete_question_answer of the component POST Handler. Performing a manipulation results in missing authorization. This vulnerability is reported as CVE-2026-4365. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability described as critical has been identified in Crocoblock JetEngine Plugin up to 3.8.6.1 on WordPress. Affected by this vulnerability is the function sprintf of the component Content Types Module. Such manipulation leads to sql injection. This vulnerability is documented as CVE-2026-4352. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in Talend JobServer and Runtime. Affected is an unknown function of the component JMX Monitoring Port. This manipulation causes missing authentication. This vulnerability is registered as CVE-2026-6264. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，了解主要信息。 文章讲的是Basic-Fit这个欧洲健身巨头遭遇了数据泄露事件。黑客未经授权访问了他们的中央系统，导致多个成员国的会员信息被下载。泄露的数据包括姓名、地址、电子邮件、电话号码、出生日期和银行账户细节等敏感信息。 文章提到荷兰有20万会员受影响，而全球范围内可能有100万会员受到影响。Basic-Fit已经通知了相关数据保护机构，并与外部安全专家合作调查事件。目前没有迹象表明数据被公开或滥用，公司也在继续监控情况。 接下来，我需要将这些关键点浓缩到100字以内。重点包括：Basic-Fit的数据泄露事件、受影响的会员数量、泄露的数据类型、公司的应对措施以及当前的情况。 最后，确保语言简洁明了，不使用复杂的术语，直接传达核心信息。 欧洲健身巨头Basic-Fit遭遇数据泄露，黑客未经授权访问其中央系统，导致多国会员信息被下载。泄露数据包括姓名、地址、电子邮件、电话号码、出生日期和银行账户细节等。荷兰约20万会员受影响，全球或有100万会员涉及。公司已通知数据保护机构，并与外部专家合作调查事件。目前未发现数据公开或滥用迹象。

A vulnerability labeled as problematic has been found in external-secrets up to 2.2.x. This impacts the function TxtFuncMap of the file runtime/template/v2/template.go of the component DNS Resolution Handler. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-34984. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in MervinPraison PraisonAI and praisonaiagents. This affects an unknown function of the file /ws of the component WebSocket Endpoint. The manipulation leads to missing authentication. This vulnerability is listed as CVE-2026-40289. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in jqlang jq up to 1.8.1. The impacted element is the function jv_setpath/jv_getpath/delpaths_sorted of the file src/jv_aux.c. Executing a manipulation of the argument path can lead to uncontrolled recursion. This vulnerability is tracked as CVE-2026-33947. The attack is restricted to local execution. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability was found in jqlang jq. It has been rated as critical. The affected element is the function jv_parse_sized. Performing a manipulation of the argument length results in out-of-bounds read. This vulnerability is identified as CVE-2026-39979. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MervinPraison PraisonAI and praisonaiagents up to 4.5.138. It has been declared as critical. Impacted is the function import_tools_from_file of the file tools.py. Such manipulation leads to code injection. This vulnerability is referenced as CVE-2026-40287. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in 1Panel-dev MaxKB up to 2.7.x. It has been classified as problematic. This issue affects the function mcp_servers of the component Workflow Creation API. This manipulation causes enforcement of behavioral workflow. The identification of this vulnerability is CVE-2026-39417. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) -  An SQL injection vulnerability in  Fortinet FortiClient EMS that could allow an

嗯，用户让我用中文总结一下这篇文章，控制在100字以内，而且不需要用“文章内容总结”之类的开头。好的，首先我得仔细阅读文章内容。 文章主要讲的是美国网络安全和基础设施安全局（CISA）在周一新增了六个安全漏洞到他们的已知被利用漏洞目录中。这些漏洞都有各自的CVE编号和CVSS评分，看起来都是比较严重的。 然后，我注意到每个漏洞的具体情况：比如Fortinet FortiClient EMS的SQL注入漏洞，CVSS得分9.1；Adobe Acrobat Reader的内存释放后使用漏洞，得分7.8；还有微软的一些漏洞，比如Windows Common Log File System Driver的越界读取和Exchange Server的反序列化问题。 接下来，文章提到CISA之所以加入这些漏洞是因为有证据显示它们正在被积极利用。例如，CVE-2026-21643被Defused Cyber检测到从2026年3月24日开始有攻击尝试。微软也提到一个威胁行为者利用CVE-2023-21529来传播Medusa勒索软件。至于CVE-2012-1854，微软在2012年的公告中提到有限且有针对性的攻击尝试。 其他三个漏洞目前还没有公开报告指出它们被利用的情况。最后，FCEB机构需要在2026年4月27日前修复这些漏洞。 总结的时候需要涵盖CISA新增六个漏洞、各个漏洞的严重性、部分已被利用的情况以及修复期限。要控制在100字以内，所以得简洁明了。 可能会这样组织语言：CISA新增六个高危漏洞至目录，涉及SQL注入、内存错误等；部分已被用于攻击；要求机构在4月前修复。 这样既涵盖了主要信息，又符合字数限制。 美国网络安全机构CISA新增六项高危安全漏洞至已知被利用列表，包括SQL注入、内存错误及特权提升等严重问题；部分漏洞已被用于实际攻击活动；相关机构需于四月底前完成修复以应对威胁。

A vulnerability was found in Ubiquiti UniFi Play PowerAmp and UniFi Play Audio Port and classified as critical. This vulnerability affects unknown code. The manipulation results in path traversal. This vulnerability was named CVE-2026-22562. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in MervinPraison PraisonAI and praisonaiagents and classified as critical. This affects the function subprocess.run of the file job_workflow.py of the component YAML File Parser. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2026-40288. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.