Aggregator

根据国家信息安全漏洞库（CNNVD）统计，本周（2026年6月15日至2026年6月21日）安全漏洞情况如下

Brinqa BYOAI (Bring Your Own AI), a capability that enables organizations to connect any AI agent, large language model (LLM), or automation platform to Brinqa’s exposure intelligence layer. As enterprises adopt AI, they need to ensure that AI systems use accurate, up-to-date risk data. BYOAI connects existing AI tools to a common source of exposure intelligence, providing a consistent foundation for analysis and decision-making. For enterprises, the difference between AI that delivers meaningful business outcomes … More →

The post Brinqa BYOAI lets organizations use any AI platform with trusted risk data appeared first on Help Net Security.

我实验室项目荣获第十五届“挑战杯”中国大学生创业计划竞赛上海市赛区特等奖

Cequence Security has announced the launch of Intent Graph and Biometric Check, two new capabilities that extend the behavioral architecture Cequence has built since its inception. They provide enterprises with bot defense that works across web, mobile, API, and agentic AI traffic, without relying on the client-side signals that sophisticated bots have learned to defeat. The architectural divide in bot defense is now unavoidable. While traditional bot defense relies on browser signals such as CAPTCHAs, … More →

The post Cequence introduces behavioral bot detection and biometric verification without CAPTCHAs appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in ISC BIND up to 9.21.12. This impacts an unknown function of the component Pseudo Random Number Generator. The manipulation leads to predictable from observable state. This vulnerability is listed as CVE-2025-40780. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as problematic was found in ISC BIND up to 9.21.12. Affected by this vulnerability is an unknown functionality. The manipulation results in acceptance of extraneous untrusted data with trusted data. This vulnerability is identified as CVE-2025-40778. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in ISC BIND up to 9.18.39/9.18.39-S1/9.20.13/9.20.13-S1/9.21.12. Affected by this issue is some unknown functionality of the component Zone Handler. This manipulation causes asymmetric resource consumption. This vulnerability is tracked as CVE-2025-8677. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Red Hat Enterprise Linux and OpenShift Container Platform. This issue affects some unknown processing of the component NetworkManager. Such manipulation leads to preservation of permissions. This vulnerability is documented as CVE-2025-9615. The attack needs to be performed locally. There is not any exploit available. Applying a patch is advised to resolve this issue.

A vulnerability, which was classified as critical, has been found in Python CPython up to 3.14.x. The impacted element is an unknown function of the component SourcelessFileLoader. The manipulation leads to exposure of resource. This vulnerability is traded as CVE-2026-2297. An attack has to be approached locally. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Flowise up to 3.0.9. The impacted element is an unknown function of the component Account Profile Endpoint. Performing a manipulation results in unverified password change. This vulnerability is known as CVE-2025-71337. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Secure Code Warrior has introduced its new SCW AI Adoption Model, a practical framework that maps the progression of AI use in software development, from minimal AI assistance to fully autonomous agentic orchestration. The framework helps CISOs assess their organization’s level of AI adoption, identify the training developers need at each stage, and determine the governance controls required as autonomy increases, answering the question every security leader is asking: Where do we start? Gartner’s 2026 … More →

The post New Secure Code Warrior framework helps CISOs govern AI-driven software development appeared first on Help Net Security.

A vulnerability was found in GeoVision GV-IO Box 4E up to 2.09/2.11. It has been rated as critical. Affected by this issue is some unknown functionality in the library libNetSetObj.so of the component Network Handler. The manipulation leads to os command injection. This vulnerability is documented as CVE-2026-12851. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as very critical has been detected in langflow-ai langflow up to 1.8.x. Affected by this vulnerability is an unknown functionality of the file /api/v1/monitor of the component Transaction Handler. This manipulation causes authorization bypass. This vulnerability is registered as CVE-2026-33760. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Adobe Acrobat Reader up to 2015.006.30523/2017.011.30171/2020.001.30002/2020.009.20074. Impacted is an unknown function of the component File Handler. Executing a manipulation can lead to out-of-bounds write. This vulnerability is tracked as CVE-2020-9695. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Freedesktop libslirp up to 4.9.1. Affected by this vulnerability is an unknown functionality of the component TCP Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2026-9539. An attack has to be approached locally. There is no exploit available. You should upgrade the affected component.

GCC 编译器合并了支持海光代号苏州的 Model 8 c86-4g-m8 处理器的补丁。海光最早是与 AMD 合作的半导体企业，授权提供 AMD Zen 1 CPU的本地化版本，其产品仅供国内市场使用。几个月前 GCC 编译器合并了支持海光 C86-4G CPU 的补丁。Model 8 苏州 CPU 是上一代 Model 7 成都 CPU 的继任者，目前关于该处理器的信息很少，其指令集架构与上一代相差无几，支持包括 AVX-512 在内的指令集。

Наглядный эксперимент наглядно объяснил механизм работы популярных нейросетей.

DigiCert has announced it is bringing independent trust validation to confidential computing environments, in collaboration with Google Cloud. By applying the proven principles of Public Key Infrastructure (PKI) to cloud infrastructure, DigiCert will provide cryptographic verification that cloud-hosted systems and workloads are authentic, trusted, and untampered. As organizations move more sensitive applications, AI workloads, and critical operations to the cloud, trust in the underlying infrastructure has become a foundational requirement. Particularly in regulated industries, organizations … More →

The post DigiCert brings independent trust validation to confidential computing environments appeared first on Help Net Security.

A vulnerability has been found in angular Angular.ng-template up to 21.2.3 and classified as problematic. Affected by this issue is some unknown functionality of the file client/src/client.ts of the component Language Service. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-50178. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Angular up to 18.2.14/19.2.22/20.3.21/21.2.14. This impacts an unknown function of the component HttpTransferCache Utility. Executing a manipulation can lead to use of cache containing sensitive information. This vulnerability is handled as CVE-2026-50170. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.