Aggregator

A vulnerability labeled as critical has been found in Orthanc DICOM Server up to 1.12.10. This vulnerability affects unknown code of the component PAM Image Parser. Executing a manipulation can lead to integer overflow. This vulnerability is registered as CVE-2026-5444. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in Orthanc DICOM Server up to 1.12.10. This affects an unknown part of the component HTTP Handler. Performing a manipulation of the argument Content-Length results in allocation of resources. This vulnerability is cataloged as CVE-2026-5440. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in Jizhicms 2.5.4. Affected by this issue is some unknown functionality of the component User Evaluation/Message/Comment. Such manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2025-50228. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in SonicWall SMA1000. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component Tunnel TOTP Authentication. This manipulation causes improper handling of unicode encoding. This vulnerability is tracked as CVE-2026-4116. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in SonicWall SMA1000. It has been declared as critical. Affected is an unknown function of the component AMC TOTP Authentication. The manipulation results in improper handling of unicode encoding. This vulnerability is identified as CVE-2026-4114. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in SonicWall SMA1000. It has been classified as problematic. This impacts an unknown function of the component SSL VPN. The manipulation leads to observable response discrepancy. This vulnerability is referenced as CVE-2026-4113. Remote exploitation of the attack is possible. No exploit is available.

FBI cyber chief Brett Leatherman told CyberScoop the Russian GRU campaign was unique in how it could propagate from routers to beyond.

The post Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’ appeared first on CyberScoop.

Как одна строчка из картинок заменяет подробный план кибератаки.

A vulnerability, which was classified as problematic, was found in Apple macOS. This vulnerability affects unknown code of the component ImageIO. Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2022-1622. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in vim and classified as critical. This affects the function vim_strncpy. Such manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-1621. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in LibTIFF. The affected element is the function LZWDecode of the file libtiff/tif_lzw.c of the component TIFF File Handler. Such manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2022-1622. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

NASA 的视频显示，Artemis II 宇航员的笔记本电脑运行了开源多媒体播放器 VLC，而 VLC 使用了 FFmpeg 多媒体库，这意味着两大开源项目都进入了太空，而且工作正常，不像微软的私有软件 Outlook。Artemis 宇航员除了使用开源软件，还用苹果最新的 iPhone 17 Pro Max 智能手机在飞船内自拍。飞船外的拍摄则使用了 2014 年款的 GoPro Hero 4 Black 相机。

A vulnerability classified as critical was found in GNU grub. The affected element is an unknown function. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-54771. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as problematic was found in GNU grub2. This impacts an unknown function. Executing a manipulation can lead to expired pointer dereference. This vulnerability is handled as CVE-2025-61663. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability identified as critical has been detected in GNU grub. The impacted element is an unknown function of the component gettext Module. This manipulation causes use after free. This vulnerability is registered as CVE-2025-61662. The attack needs to be launched locally. No exploit is available.

A vulnerability marked as problematic has been reported in GNU grub2. Affected by this issue is the function normal_exit. The manipulation leads to expired pointer dereference. This vulnerability is documented as CVE-2025-61664. The attack needs to be performed locally. There is not any exploit available.

A vulnerability was found in GNU grub. It has been classified as problematic. This impacts an unknown function. This manipulation causes incorrect calculation of buffer size. The identification of this vulnerability is CVE-2025-61661. It is feasible to perform the attack on the physical device. There is no exploit available.

A vulnerability was found in GNU grub2 and classified as problematic. Impacted is the function net_set_vlan of the component Network Module. Executing a manipulation can lead to expired pointer dereference. The identification of this vulnerability is CVE-2025-54770. The attack can only be executed locally. There is no exploit available.