Aggregator

A vulnerability was found in ChilliCream graphql-platform up to 12.22.6/13.9.15/14.3.0/15.1.13. It has been rated as critical. This vulnerability affects unknown code. This manipulation causes uncontrolled recursion. This vulnerability is handled as CVE-2026-40324. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in ChurchCRM up to 7.1.x. It has been declared as problematic. This affects the function canEditPerson of the file /api/person/. The manipulation results in authorization bypass. This vulnerability is known as CVE-2026-40480. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

Привычный алгоритм действий превращается в настоящую полосу препятствий.

A vulnerability described as problematic has been identified in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-6491. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor confirms that they will "be removing the deprecated area in libvips 8.19".

A vulnerability labeled as problematic has been found in FirebirdSQL Firebird up to 3.0.13/4.0.6/5.0.3. This affects the function sdl_desc. Executing a manipulation can lead to divide by zero. This vulnerability is tracked as CVE-2026-35215. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as problematic was found in LibRaw d20315b. This vulnerability affects the function x3f_load_huffman of the component File Handler. Such manipulation leads to integer overflow. This vulnerability is traded as CVE-2026-24660. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability marked as critical has been reported in LibRaw d20315b. Affected by this vulnerability is the function x3f_thumb_loader of the component File Handler. The manipulation leads to integer overflow. This vulnerability is documented as CVE-2026-20889. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability described as critical has been identified in LibRaw 0b56545/d20315b. Affected by this issue is the function lossless_jpeg_load_raw of the component File Handler. The manipulation results in improper validation of array index. This vulnerability is reported as CVE-2026-21413. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability classified as problematic has been found in LibRaw 8dc68e2. This affects the function uncompressed_fp_dng_load_raw of the component File Handler. This manipulation causes integer overflow. This vulnerability appears as CVE-2026-24450. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

A vulnerability identified as problematic has been detected in LibRaw. This impacts the function deflate_dng_load_raw of the component File Handler. Performing a manipulation results in integer overflow. This vulnerability is cataloged as CVE-2026-20884. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

一个月前，我提议：基于 Slax Note 的代码，生成一套文档。然后删掉代码，基于文档生成代码。然后上线。

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting

Астрономы проанализировали глубинный состав 3I/ATLAS.

Крупнейший на сегодня анализ ДНК показал то, о чём учёные даже не подозревали.

A vulnerability was found in Linux Kernel up to 6.6.93/6.12.33/6.15.2 and classified as critical. This vulnerability affects the function phy_detach. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-38149. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.2. It has been rated as problematic. The affected element is an unknown function of the file kernel/locking/mutex.c of the component af_packet. Performing a manipulation results in improper locking. This vulnerability is reported as CVE-2025-38150. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.15.2. It has been classified as critical. Affected by this issue is the function txopt_get of the component calipso. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-38147. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.1.141/6.6.93/6.12.33/6.15.2 and classified as critical. This affects an unknown part of the component net. The manipulation leads to memory leak. This vulnerability is listed as CVE-2025-38148. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.2. Affected by this vulnerability is the function aspeed_lpc_enable_snoop of the component soc. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-38145. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.