Aggregator

A vulnerability was found in undici up to 6.25.x/7.27.x/8.4.x. It has been declared as problematic. This impacts an unknown function of the component Cookies Feature. The manipulation results in permissive list of allowed inputs. This vulnerability is cataloged as CVE-2026-11525. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in undici up to 6.25.x/7.27.x/8.4.x. It has been rated as critical. Affected is an unknown function of the file /parseCookie/getSetCookies of the component HTTP Response Header Handler. This manipulation causes crlf injection. This vulnerability is registered as CVE-2026-9679. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

2026年6月23日 10:00软件资讯01.44K

一项由底特律养老基金主导的诉讼指控优步管理层及其董事会将利润置于合规与安全之上，这些决定使公司及其股东面临风险。该诉讼于周一在旧金山美国加利福尼亚北区联邦地区法院提起，指控优步是一家屡犯合规问题的违规

A vulnerability was found in MIPS up to 2.4. It has been declared as problematic. This issue affects some unknown processing of the file app/webroot/js/misp.js of the component Image Name Handler. The manipulation results in cross site scripting (Persistent). This vulnerability is known as CVE-2019-11814. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in MISP 2.4.108. It has been rated as critical. The affected element is an unknown function of the component Password Reset. Performing a manipulation results in credentials management. This vulnerability is known as CVE-2019-12794. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in MISP 2.4.109 and classified as critical. This vulnerability affects the function file_exists of the file app/Model/Server.php. The manipulation leads to deserialization. This vulnerability is documented as CVE-2019-12868. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in MISP 2.4.111. It has been declared as problematic. This affects an unknown function of the file app/webroot/js/event-graph.js of the component event-graph View. Such manipulation leads to cross site scripting (Stored). This vulnerability is uniquely identified as CVE-2019-14286. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in MISP. Impacted is the function __checkLoggedActions. Such manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2019-16202. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability identified as critical has been detected in MISP 2.4.118. Impacted is an unknown function of the file app/Controller/TagsController.php. Performing a manipulation results in incorrect permission assignment. This vulnerability is reported as CVE-2019-19379. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in MISP up to 2.4.120. This impacts an unknown function of the component Time Skew Handler. Such manipulation leads to time-of-check time-of-use. This vulnerability is listed as CVE-2020-8890. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in MISP up to 2.4.120. Affected is an unknown function of the component Username Handler. Performing a manipulation results in an unknown weakness. This vulnerability is cataloged as CVE-2020-8891. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in MISP up to 2.4.120. Affected by this vulnerability is an unknown functionality of the component HTTP PUT Handler. Executing a manipulation as part of Request can lead to Remote Code Execution. This vulnerability is registered as CVE-2020-8892. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in MISP up to 2.4.120 and classified as critical. Affected by this issue is some unknown functionality of the file app/View/Galaxies/view.ctp of the component Galaxy View. The manipulation as part of String leads to an unknown weakness. This vulnerability is documented as CVE-2020-8893. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in MISP up to 2.4.120 and classified as critical. This affects an unknown part of the file app/Controller/ThreadsController.php of the component ACL Handler. The manipulation results in an unknown weakness. This vulnerability is reported as CVE-2020-8894. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in MISP 2.4.122. The impacted element is an unknown function of the file app/View/Users/statistics_orgs.ctp. This manipulation as part of Parameter causes cross site scripting (Reflected). This vulnerability is registered as CVE-2020-10246. Remote exploitation of the attack is possible. No exploit is available.

当地时间周一，人工智能公司OpenAI宣布了一项新计划，旨在帮助开源社区提升其网络安全水平并抵御漏洞。 “Patch the Planet” 计划将由OpenAI与安全公司Trail of Bits