Aggregator

Проблема годами таилась в исходных файлах и обходила даже строгие ревизии кода.

A vulnerability classified as problematic has been found in burlingtonbytes WP Blockade Plugin up to 0.9.14 on WordPress. Impacted is the function render_shortcode_preview of the component Endpoint. This manipulation of the argument shortcode causes cross site scripting. This vulnerability is handled as CVE-2026-3481. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in ZTE MU5250 BD_FLYMODEMV1.0.0B27. This issue affects some unknown processing of the component Configuration Handler. The manipulation results in information disclosure. This vulnerability is known as CVE-2026-44409. Access to the local network is required for this attack. No exploit is available.

A vulnerability marked as problematic has been reported in pftool Alfie Plugin up to 1.2.1 on WordPress. This vulnerability affects the function alfie_manage of the component GET Parameter Handler. The manipulation of the argument delete leads to cross-site request forgery. This vulnerability is traded as CVE-2026-4070. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in themewant Easy Elements for Elementor Plugin up to 1.4.5 on WordPress. This affects the function easyel_handle_register of the component Login/Register. Executing a manipulation can lead to improper privilege management. This vulnerability appears as CVE-2026-9018. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as critical has been detected in wpxpo FastX Plugin up to 1.0.2 on WordPress. Affected by this issue is the function ultp_install_callback of the component Plugin Installation Handler. Performing a manipulation results in missing authorization. This vulnerability is reported as CVE-2026-2518. The attack is possible to be carried out remotely. No exploit exists.

NASA 证实国际空间站的俄罗斯舱段再次发生漏气事故。过去五年俄罗斯航天局和 NASA 一直在追踪俄罗斯舱段的空气泄漏，漏气的舱段位于 Progress（进步号）气闸舱和 Zvezda（星辰号）服务舱之间的 PrK 模块，漏气原因是微小的结构裂缝。今年 1 月 NASA 宣布在多次检查和密封处理后 PrK 舱段的内部压力已经稳定，不再漏气。然而 PrK 舱段的漏气情况在三周前再次出现。NASA 表示它正与俄罗斯航天局协调后续处理步骤。此次事件再次引发了对国际空间站长期生存能力的担忧。

NASA 证实国际空间站的俄罗斯舱段再次发生漏气事故。过去五年俄罗斯航天局和 NASA 一直在追踪俄罗斯舱段的空气泄漏，漏气的舱段位于 Progress（进步号）气闸舱和 Zvezda（星

智谱推出GLM-5.1高速版：400 tokens/s智谱宣布面向部分企业客户推出GLM-5.1高速版API“GLM-5.1-highspeed”，模型输出速度达到400 tokens/s。智谱称，这

A vulnerability marked as critical has been reported in insyde Kernel. Affected by this vulnerability is an unknown functionality of the component AhciBusDxe. This manipulation causes memory corruption. This vulnerability appears as CVE-2022-29276. The attacker needs to be present on the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in insyde Kernel. Affected by this issue is some unknown functionality of the component NvmExpressDxe Driver. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2022-29278. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in insyde Kernel. This vulnerability affects unknown code of the component FwBlockServiceSmm Driver. Performing a manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2022-29277. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple Xcode up to 14.0. Affected is an unknown function of the component Git. This manipulation causes uncontrolled search path. This vulnerability is tracked as CVE-2022-29187. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in insyde Kernel. Affected is an unknown function of the component UsbCoreDxe. The manipulation results in memory corruption. This vulnerability is reported as CVE-2022-29275. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

微步提供技术支持

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A vulnerability described as critical has been identified in jirka-h haveged. Affected by this issue is the function socket_handler of the file src/havegecmd.c. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2026-41054. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in 9front. This impacts an unknown function. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-9054. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability categorized as problematic has been discovered in ConnectWise Automate. This issue affects some unknown processing. Such manipulation leads to download of code without integrity check. This vulnerability is uniquely identified as CVE-2026-9089. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

根据 Economic Policy Institute (EPI)的报告，美国雇主每年在反工会活动上的开支逾 15 亿美元。雇主雇佣从事工会规避服务的顾问和律所，在工会选举和活动期间提供法律咨询、代理和诉讼服务。美国公司每年在反工会咨询服务的开支上多达 4.42 亿美元，根据亚马逊递交到劳工部的文件，2025 年它在雇佣反工会顾问上的开支为 2660 万美元。目前美国的工会覆盖率仅为 10%，而 1983 年这一比例为 20.3%。而盖洛普民调显示，近七成美国民众支持工会。由于拖延战术和上诉，美国工人平均需要 465 天才能达成第一份工会合同，很多情况下时间甚至更长，如星巴克自 2021 年美国首家门店赢得工会选举以来工人至今仍未达成第一份工会合同。