Aggregator

A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...]

Этот астероид не вращается, а буквально кувыркается… и у него еще много неожиданных тайн.

Google 将要求用户在摄像头前挥手以证明自己是人类而不是机器人。它提供的区分机器人和人类检测服务 reCAPTCHA 引入了手势验证。Google 表示，在手势验证期间它会分析用户在执行各种操作或手势时的一段或多段手部视频，系统会处理视频以提取手部关键点的坐标数据，其中包括 21 个指关节关键点坐标。Google 声称，视频绝不会与用户的身份相关联，并且会在验证流程结束后删除。系统绝不会录制音频。

A vulnerability, which was classified as problematic, was found in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. This vulnerability is reported as CVE-2026-12823. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. This vulnerability is documented as CVE-2026-12822. The attack needs to be performed locally. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #837600 / VDB-372613

A vulnerability classified as critical was found in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. This vulnerability is registered as CVE-2026-12821. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #837582 / VDB-372612

Submit #837578 / VDB-372611

美国2026年发布的各类战略文件。

Раз в год — раз в 5 лет: вот как компания незаметно переписала правила апгрейда вашего компьютера.

Currently trending CVE - Hype Score: 5 - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Currently trending CVE - Hype Score: 5 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is ...

Currently trending CVE - Hype Score: 7 - NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK ...

Currently trending CVE - Hype Score: 6 - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...