Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 6.18.13/6.19.3. This affects the function arch_set_shadow_stack_status. The manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-45876. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.74/6.18.13/6.19.3. This vulnerability affects the function ishtp_bus_remove_all_clients of the component HID. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2026-45877. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.19.3 and classified as critical. The affected element is the function nft_set_rbtree of the component netfilter. Performing a manipulation results in privilege escalation. This vulnerability is known as CVE-2026-45873. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3. Affected by this vulnerability is the function pqi_report_phys_luns of the component scsi. Executing a manipulation can lead to memory leak. The identification of this vulnerability is CVE-2026-45872. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.74/6.18.13/6.19.3. Affected by this issue is the function imx_hsio_configure_clk_pad of the component phy. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2026-45874. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.3. It has been declared as critical. Impacted is the function get_burstcount of the component tpm. The manipulation results in privilege escalation. This vulnerability is reported as CVE-2026-45871. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.19.3. Affected is the function power_supply_changed. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2026-45869. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

Anthropic正式发布其最强AI模型Claude Fable 5与Mythos 5，首次采用"同一模型、双版本分发"的安全分层策略。Fable 5面向公众开放，搭载安全分类器拦截网络安全相关请求；Mythos 5解除限制，仅限受信机构使用。 此前Project Glasswing已借助该模型发现超1万个高危漏洞，Mythos甚至能从17年前的漏洞自动编写RCE利用程序。 作为安全从业者，我认为这标志着一个关键转折点：AI将漏洞发现速度提升数个数量级，但修复仍依赖人工，"发现-修复"的天平正在失衡。 更值得关注的是，英国AISI已短时间取得通用jailbreak进展，Anthropic也承认"完全防止几乎不可能"——这意味着未来某个prompt就可能让公众版AI变成全能黑客工具。当AI找漏洞的能力变成"基础设施级"能力时，整个行业的攻防天平将永久倾斜。

A vulnerability was found in Linux Kernel up to 6.6.139/6.12.85/6.18.26/7.0.3. It has been declared as critical. This issue affects the function thermal_zone_device_register_with_trips of the component thermal. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2026-46021. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.139/6.12.85/6.18.26/7.0.3 and classified as critical. Impacted is the function payload_size of the component rxe. Performing a manipulation results in privilege escalation. This vulnerability is reported as CVE-2026-46043. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.139/6.12.87/6.18.29/7.0.6/7.1-rc2. This issue affects the function rmap_remove. This manipulation causes use after free. This vulnerability is handled as CVE-2026-46113. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.3. Affected by this issue is the function rlb_deinitialize. The manipulation results in use after free. This vulnerability is known as CVE-2026-45970. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.19.11. This affects the function usbtmc_draw_down. Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2026-31758. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. It has been declared as critical. The affected element is the function check_wsl_eas of the component smb. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-31614. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager Forms JEE up to 6.5.24.0 and classified as problematic. The affected element is an unknown function. The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-34691. It is possible to launch the attack remotely. No exploit is available.

A vulnerability labeled as problematic has been found in Netgear MR70, MS70, RAXE500 and XR1000. Affected by this vulnerability is an unknown functionality. Such manipulation leads to improper input validation. This vulnerability is traded as CVE-2026-9213. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Netgear LBR1020, LBR20, R6700AX, R7800, R9000, RAX10, RAX10v2, RAX120, RAX120v1, RAX120v2, RAX36S, RAX70, RAX78, RBR10, RBR20, RBR350, RBR40, RBR50, RBS10, RBS20, RBS350, RBS40, RBS50, XR450 and XR500. It has been classified as critical. This impacts an unknown function. The manipulation leads to missing authentication. This vulnerability is listed as CVE-2026-9212. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Microsoft SharePoint Server 2.0/16.0.5548.1003/16.0.5552.1002. Impacted is an unknown function. Executing a manipulation can lead to improper authorization. This vulnerability appears as CVE-2026-47298. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Microsoft Outlook and Word LTSC 2024. This affects an unknown function. This manipulation causes heap-based buffer overflow. This vulnerability is handled as CVE-2026-47635. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.