Aggregator

A vulnerability described as critical has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-6135. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability classified as critical has been found in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is traded as CVE-2026-6136. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Pachno 1.0.6. It has been declared as critical. Affected is an unknown function. Executing a manipulation can lead to deserialization. This vulnerability is tracked as CVE-2026-40044. The attack can be launched remotely. No exploit exists.

A vulnerability classified as problematic has been found in Pachno 1.0.6. The affected element is the function runSwitchUser. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2026-40043. It is possible to initiate the attack remotely. There is no exploit available.

芝加哥音乐粉丝 Aadam Jacobs 自 1980 年代起录制他参加的演唱会，至今积累了逾万盘磁带。现年 59 岁的 Jacobs 知道磁带会随着时间推移而损坏，因此他同意互联网档案馆的志愿者将这些磁带数字化。互联网档案馆已经上传了 2477 盘音乐会磁带，其中包括相当罕见的 1989 年涅盘乐队（Nirvana）音乐会磁带，乐队被主流观众所熟悉是在 1991 年发行的单曲 Smells Like Teen Spirit 之后。

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are

Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery.

本文深入解析OpenClaw（原Clawdbot/Moltbot）控制端UI存在的关键逻辑漏洞CVE-2026

Claude Mythos Preview — мечта хакера и кошмар банкира.

期待 4 月 21 日 14:00-17:00 与您在香港蔡氏大厦相聚，共探 AI × Web3 安全与合规新边界！

A vulnerability classified as problematic has been found in JDEGUEST Apache::API::Password up to 0.5.2 on Perl. The affected element is the function Crypt::Urandom. The manipulation leads to cryptographically weak prng. This vulnerability is documented as CVE-2026-5088. The attack can be initiated remotely. There is not any exploit available.

Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining […]

4月15日，OpenAI发布网络安全大模型GPT-5.4-Cyber。

谷歌于周一发布了M-Trends 2026报告，该报告基于其威胁情报组收集的信息以及在2025年由Mandiant进行的超过500,000小时事件调查的见解。

立即查看详情 →

在 2000 年上映的电影《特工佳丽（Miss Congeniality）》中，桑德拉·布洛克扮演的女主角被问到完美的约会日期时回答，“April 25th, because it's not too hot, not too cold. All you need is a light jacket”。但 4 月 25 日真的是完美的天气？WeatherBug 对美国自 2018 年以来的天气的分析显示，10 月 8 日才是全美温度最舒适和降雨量最低的日期，当天的平均气温约为 19 摄氏度，降雨量约 0.25 毫米。而 4 月 25 日在全年排名中排在第 80 位，平均气温 16 摄氏度，降雨量约 0.32 毫米。数据显示，7 月是美国全年最热的月份，而 1 月则是最冷的月份，1 月 20 日的全国平均气温约 0.5 摄氏度。

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 128.6/134.x. Impacted is an unknown function. The manipulation results in memory corruption. This vulnerability was named CVE-2025-1017. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Mozilla Firefox up to 134. This affects an unknown part. Such manipulation leads to memory corruption. This vulnerability is documented as CVE-2025-1020. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Mozilla Thunderbird up to 134. This vulnerability affects unknown code. Performing a manipulation results in memory corruption. This vulnerability is reported as CVE-2025-1020. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Mozilla Firefox up to 134. This issue affects some unknown processing of the component Fullscreen Notification Handler. Executing a manipulation can lead to improper restriction of rendered ui layers. This vulnerability appears as CVE-2025-1018. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.