Aggregator

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

Mythos/GPT5.5 网络安全模型分水岭 by ourren

SecWiki周刊（第639期) by ourren

置身市内：网安激荡三十年（中） by ourren

置身事内：网安激荡三十年（上） by ourren

更多最新文章，请访问SecWiki

According to the company’s preliminary analysis, a compromised GitHub account was used to push the malicious code out to customers, hitting 32 packages downloaded roughly 117,000 times a week.

Currently trending CVE - Hype Score: 4 - Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 3 - Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 8 - In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Currently trending CVE - Hype Score: 5 - go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.

Currently trending CVE - Hype Score: 11 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to ...

Currently trending CVE - Hype Score: 4 - In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via ...

Currently trending CVE - Hype Score: 11 - Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Currently trending CVE - Hype Score: 3

Currently trending CVE - Hype Score: 5 - Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 3 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected.

Miami Beach, FL, USA, 2nd June 2026, CyberNewswire

Twenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orchestrated, and way more sophisticated than your dad's firewall.