Aggregator

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

A vulnerability, which was classified as problematic, was found in vm2 up to 3.10.5. This impacts an unknown function. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-44001. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability described as critical has been identified in HPE Aruba Networking Wireless Operating System up to 10.8.0.0. Affected is an unknown function of the component Web-based Management Interface. Executing a manipulation can lead to command injection. This vulnerability is registered as CVE-2026-44866. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, has been found in MongoDB Server up to 7.0.33/8.0.22/8.2.8/8.3.1. This issue affects some unknown processing of the component Aggregation Handler. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2026-8202. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability has been found in MongoDB Server up to 7.0.33/8.0.22/8.2.8/8.3.1 and classified as critical. The affected element is an unknown function. This manipulation of the argument _internalJsEmit causes use after free. This vulnerability is tracked as CVE-2026-8336. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in MongoDB Server up to 7.0.33/8.0.22/8.2.8/8.3.1. Affected by this issue is some unknown functionality of the component Log Message Handler. This manipulation causes sensitive information in log files. This vulnerability appears as CVE-2026-8200. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, was found in vercel next.js up to 15.5.15/16.2.4. Affected by this vulnerability is an unknown functionality. Such manipulation leads to acceptance of extraneous untrusted data with trusted data. This vulnerability is listed as CVE-2026-44572. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Netty up to 4.1.133.Final/4.2.13.Final. This impacts the function newInitialMessage. This manipulation causes http response splitting. This vulnerability is handled as CVE-2026-42578. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in CKAN up to 2.10.9/2.11.4. The impacted element is the function datastore_search_sql. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-42031. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in CKAN up to 2.10.9/2.11.4. This affects the function datastore_search_sql. Executing a manipulation can lead to incorrect authorization. This vulnerability appears as CVE-2026-42032. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in CKAN up to 2.10.9/2.11.4. It has been rated as problematic. This affects an unknown part. Performing a manipulation results in improper certificate validation. This vulnerability was named CVE-2026-41132. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

7-Eleven has confirmed that its internal systems were breached in April 2026, exposing pers

A novel exploitation framework designed to escalate execution privileges within the Windows environment, designated as Eris, has emerged

The post The SNEK Initiative Drops “Eris”: New Post-Exploit Framework Abuses Windows Fax Service for SYSTEM Root appeared first on Penetration Testing Tools.

Shai-Hulud worm copycats emerge after source code leakShai-Hulu

Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on GitHub. Researchers had warned this would happen almost immediately, and they were […]

Egnyte has announced a new set of capabilities designed to consolidate fragmented knowledge. Email Capture centralizes critical communications and attachments from siloed inboxes into the Egnyte folder structure, assisting users to make more informed data-driven decisions based on their entire knowledge base. Egnyte is also launching a set of AI-driven integrations and capabilities specifically designed for the architecture, engineering, and construction (AEC) industry. Data fragmentation is a pervasive problem for organizations that can contribute to … More →

The post Egnyte unveils Email Capture and AI features to unify fragmented data appeared first on Help Net Security.

凭借多模异构分析、领域知识驱动、动态验证闭环三大核心突破，成为真正具备全链路操作系统漏洞挖掘能力的AI安全产品，为政企用户构筑底层软件安全防线提供核心支撑。