Aggregator

CVE-2026-34159

CVE Trends
3 weeks ago
Currently trending CVE - Hype Score: 1 - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted ...

CVE-2026-46364

CVE Trends
3 weeks ago
Currently trending CVE - Hype Score: 2 - phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the ...

CVE-2026-39987

CVE Trends
3 weeks ago
Currently trending CVE - Hype Score: 2 - marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. ...

CVE-2026-40933

CVE Trends
3 weeks ago
Currently trending CVE - Hype Score: 2 - Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command ...

马来西亚禁止未满 16 岁青少年使用社媒禁令生效

Solidot
3 weeks ago
马来西亚新网络安全法规星期一(6 月 1 日)生效,要求各大社交媒体平台验证用户年龄,并禁止 16 岁以下儿童注册账户。这项新法规适用于在马来西亚拥有至少 800 万用户的社媒供应商,包括 Facebook、Instagram、TikTok、YouTube 等。该国通信监管机构表示将给予社媒平台一段宽限期实施这些措施,但未说明宽限期的截止日期。新《网络安全法》的相关规定包括新的《儿童保护法》和《风险缓解法》,并要求社媒平台“加强内容管理”。通信与多媒体委员会说,未能遵守这两项守则的公司可面临最高 1000 万令吉的罚款。

Managed ad