Aggregator

A vulnerability identified as critical has been detected in picklescan up to 0.0.29. Impacted is the function idlelib.pyshell.ModifiedInterpreter.runcommand. This manipulation causes deserialization. The identification of this vulnerability is CVE-2025-71357. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Cap-go capgo up to 12.128.1. This issue affects some unknown processing of the file /build/upload. The manipulation results in information exposure through discrepancy. This vulnerability was named CVE-2026-56316. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in picklescan up to 0.0.24. It has been rated as critical. This vulnerability affects the function timeit.timeit. The manipulation leads to incomplete blacklist. This vulnerability is uniquely identified as CVE-2025-71351. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

Он буквально спроектировал белок, который собирается в оболочку как вирус.

A vulnerability was found in picklescan up to 0.0.27. It has been declared as critical. This affects the function torch.utils._config_module.load_config. Executing a manipulation can lead to deserialization. This vulnerability is handled as CVE-2025-71348. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Capgo up to 12.128.1. It has been classified as problematic. Affected by this issue is some unknown functionality. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2026-56242. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in phpMyFAQ up to 4.1.3 and classified as critical. Affected by this vulnerability is the function editUser/updateUserRights. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-56396. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Craft CMS up to 5.9.13 and classified as critical. Affected is the function FieldsController::actionRenderCardPreview of the component POST Parameter Handler. This manipulation of the argument fieldLayoutConfig causes code injection. This vulnerability appears as CVE-2026-56382. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

IETF представила гибридный метод QUERY.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

芬兰图书馆不只是提供图书借阅，而是维系重要的社会功能。其它国家的公共图书馆在消失，而芬兰还在新建图书馆。美国在 2008-2019 年间关闭了 766 家公共图书馆，英国在 2016-2023 年间逾 180 家图书馆关闭或转交给志愿团体运营。芬兰人口约 560 万，有逾 700 家图书馆，除了借阅图书，图书馆出借的最大物品是空间：可免费预定房间用于会面、学习、进行政治讨论或创作音乐。赫尔辛基市中心的 Oodi 图书馆在 2019 年被评为全球最佳新建图书馆，它提供了缝纫机、网球拍和游泳池通行证的借用服务。这种借用文化源于芬兰的实用主义，可追溯到过去的农业时代，当时的人们经常共享农机。今天的城市居民居住在小房子里，他们可能一年只需要用到一次缝纫机，那么为什么要买呢？他们可以在图书馆免费使用通过税款采购的缝纫机。根据政府报告，55% 的芬兰人每月至少去一次图书馆。数据显示芬兰人平均每年使用图书馆 9.1 次。而英国人平均每年访问图书馆约 2.5 次。美国人平均每年访问图书馆 2.4 次，欧盟平均约 3.5 次。根据芬兰的图书馆法，公共图书馆必须促进民主、言论自由和积极的公民意识。其它北欧国家也有类似的政策。2025 年芬兰在公共图书馆上的支出近 3.71 亿欧元，人均支出 65.78 欧元，而英国人均支出 10 英镑，美国人均支出 45 美元。芬兰图书馆员还能帮助用户处理各类在线事务，从税务和银行账户到养老金和数字健康记录，他们还提供简历和求职申请方面的帮助。一项针对芬兰图书馆的研究得出结论：图书馆发挥着至关重要的包容性基础设施的作用。图书馆是少数可以静静待着而无需消费的公共空间。

Добро пожаловать в новую войну.

A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...]

Этот астероид не вращается, а буквально кувыркается… и у него еще много неожиданных тайн.

Google 将要求用户在摄像头前挥手以证明自己是人类而不是机器人。它提供的区分机器人和人类检测服务 reCAPTCHA 引入了手势验证。Google 表示，在手势验证期间它会分析用户在执行各种操作或手势时的一段或多段手部视频，系统会处理视频以提取手部关键点的坐标数据，其中包括 21 个指关节关键点坐标。Google 声称，视频绝不会与用户的身份相关联，并且会在验证流程结束后删除。系统绝不会录制音频。

A vulnerability, which was classified as problematic, was found in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. This vulnerability is reported as CVE-2026-12823. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. This vulnerability is documented as CVE-2026-12822. The attack needs to be performed locally. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.