Aggregator

A vulnerability marked as problematic has been reported in Apache Tomcat up to 9.0.116/10.1.53/11.0.20. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing encryption of sensitive data. This vulnerability is referenced as CVE-2026-34486. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in NASM Netwide Assembler 3.02rc5. This impacts the function depend_file. Such manipulation leads to use after free. This vulnerability is documented as CVE-2026-6068. The attack needs to be performed locally. There is not any exploit available.

A vulnerability classified as critical was found in Google Chrome. Affected by this issue is some unknown functionality of the component WebML. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-5867. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component V8. The manipulation leads to type confusion. This vulnerability is documented as CVE-2026-5865. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in prompts.chat. This vulnerability affects unknown code of the component Username Handler. The manipulation leads to improper handling of case sensitivity. This vulnerability is listed as CVE-2026-22665. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

error code: 1003

数据泄露通知网站 HaveIBeenPwned 报告称，便利店连锁巨头 7-Eleven 在 4 月中旬遭受的数据泄露事件可能影响超过 18.5 万人。 7-Eleven 在本月初向缅因州总检察长办公室提交的数据泄露通知中表示，该事件发生于 4 月 8 日，涉及包含特许经营文件的系统。7-Eleven 表示，攻击中可能被盗了姓名和地址等个人信息，但未披露可能受影响的个人数量。 4 月中旬，臭名昭著...

Currently trending CVE - Hype Score: 4 - Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 1 - LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. ...

Currently trending CVE - Hype Score: 1 - In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles ...

Currently trending CVE - Hype Score: 1 - In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.

The app contains an `authorize.conf` configuration file ...

Currently trending CVE - Hype Score: 1 - In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain ...

error code: 1003

Nimbus Manticore 在战时加速了网络攻击，使用了 AI 辅助的恶意软件、虚假 Zoom 安装程序以及 SEO 投毒技术。 2026 年 2 月底，当美国对伊朗发起“史诗之怒行动”（Operation Epic Fury）时，大多数分析人士预计该国的网络力量会蛰伏以躲避风暴。但事实并非如此。Check Point 的研究人员记录到了更令人不安的情况：与伊朗有关的...

墨菲安全以AI原生能力赋能行业伙伴！

随着中国科技人才争夺战愈演愈烈，字节跳动正向其AI实验室员工提供特别股权，以防止被竞争对手挖角。据四名知情人士透露，总部位于北京的字节跳动，正在向其Seed人工智能团队员工提供与该部门挂钩的低价股票期

声明：文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由用户承担全部

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.19/6.19.9/7.0-rc4. The affected element is the function synchronize_irq of the component IRQ Handler. Performing a manipulation results in denial of service. This vulnerability is cataloged as CVE-2026-23469. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.