Aggregator
CVE-2026-20209 | Cisco Catalyst SD-WAN Manager up to 26.0.1 Web UI logging of excessive data (cisco-sa-sdwan-mltvnps2-JxpWm7R / Nessus ID 315344)
1 month ago
A vulnerability identified as critical has been detected in Cisco Catalyst SD-WAN Manager. Affected by this issue is some unknown functionality of the component Web UI. This manipulation causes logging of excessive data.
This vulnerability is registered as CVE-2026-20209. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2026-20210 | Cisco Catalyst SD-WAN Manager up to 26.0.1 Web UI logging of excessive data (cisco-sa-sdwan-mltvnps2-JxpWm7R / Nessus ID 315344)
1 month ago
A vulnerability labeled as critical has been found in Cisco Catalyst SD-WAN Manager. This affects an unknown part of the component Web UI. Such manipulation leads to logging of excessive data.
This vulnerability is documented as CVE-2026-20210. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-20224 | Cisco Catalyst SD-WAN Manager up to 26.1.1_LI_Images XML File Parser xml external entity reference (cisco-sa-sdwan-mltvnps2-JxpWm7R / Nessus ID 315344)
1 month ago
A vulnerability classified as problematic was found in Cisco Catalyst SD-WAN Manager. The affected element is an unknown function of the component XML File Parser. The manipulation results in an XML external entity reference.
This vulnerability is known as CVE-2026-20224. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-40058 | Linux Kernel up to 6.12.52/6.17.2 iommu ecap_slads state issue (Nessus ID 271916 / WID-SEC-2025-2431)
1 month ago
A vulnerability was found in Linux Kernel up to 6.12.52/6.17.2 and classified as critical. This affects the function ecap_slads of the component iommu. Executing a manipulation can lead to a state issue.
This vulnerability is registered as CVE-2025-40058. The attack requires access to the local network. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-40057 | Linux Kernel up to 6.12.52/6.17.2 ptp max_vclocks max privilege escalation (Nessus ID 271907 / WID-SEC-2025-2431)
1 month ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.52/6.17.2. This issue affects the function max_vclocks of the component ptp. Executing a manipulation of the argument max can lead to privilege escalation.
This vulnerability appears as CVE-2025-40057. The attacker needs to be present on the local network. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-40055 | Linux Kernel up to 6.17.2 ocfs2 user_cluster_connect double free (Nessus ID 271875 / WID-SEC-2025-2431)
1 month ago
A vulnerability has been found in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2 and classified as critical. The impacted element is the function user_cluster_connect of the component ocfs2. Performing a manipulation results in a double free.
This vulnerability is cataloged as CVE-2025-40055. The attack must originate from the local network. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2025-40056 | Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2 vhost copy_to_iter return return value (Nessus ID 271918 / WID-SEC-2025-2431)
1 month ago
A vulnerability was found in Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2. It has been rated as critical. This vulnerability affects the function copy_to_iter of the component vhost. Performing a manipulation of the argument return results in an unchecked return value.
This vulnerability is reported as CVE-2025-40056. The attacker must have access to the local network to execute the attack. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-40054 | Linux Kernel up to 6.17.2 f2fs f2fs_merge_page_bio use after free (Nessus ID 271873 / WID-SEC-2025-2431)
1 month ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.17.2. The affected element is the function f2fs_merge_page_bio of the component f2fs. Such manipulation leads to a use after free.
This vulnerability is listed as CVE-2025-40054. The attack must be carried out from within the local network. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2022-28607 | asith-eranga ISIC Tour Booking controller.php action information disclosure (EUVD-2022-33049)
1 month ago
A vulnerability, which was classified as problematic, was found in asith-eranga ISIC Tour Booking. This issue affects some unknown processing of the file /system/user/modules/mod_users/controller.php. Executing a manipulation of the argument action can lead to information disclosure.
This vulnerability is handled as CVE-2022-28607. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2022-28641 | Bentley MicroStation CONNECT 10.16.02.34 IFC File Parser use after free (ZDI-22-613 / EUVD-2022-33083)
1 month ago
A vulnerability marked as critical has been reported in Bentley MicroStation CONNECT 10.16.02.34. Affected is an unknown function of the component IFC File Parser. Performing a manipulation results in a use after free.
This vulnerability is reported as CVE-2022-28641. The attack can be carried out remotely. No exploit exists.
vuldb.com
CVE-2022-28598 | Frappe ERPNext up to 12.28.x cross site scripting (EUVD-2022-33040 / EDB-51255)
1 month ago
A vulnerability was found in Frappe ERPNext up to 12.28.x. It has been rated as problematic. Affected is an unknown function. Performing a manipulation results in cross site scripting.
This vulnerability is reported as CVE-2022-28598. The attack can be carried out remotely. Moreover, an exploit is present.
Upgrading the affected component is advised.
vuldb.com
CVE-2022-28550 | jhead 3.06 jhead.c shellescape stack-based overflow (Issue 51 / EUVD-2022-32992)
1 month ago
A vulnerability was found in jhead 3.06. It has been rated as critical. Affected is the function shellescape of the file jhead.c. Performing a manipulation results in a stack-based buffer overflow.
This vulnerability was named CVE-2022-28550. The attack must be carried out from within the local network. There is no available exploit.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
May 30 Shanghai in-person closed-door salon [Talking AI and Enterprise Security]: event schedule
1 month ago
May 30 Shanghai in-person closed-door salon [Talking AI and Enterprise Security]: event schedule
1 month ago
May 30, see you in Shanghai!
How much? Plex Pass lifetime edition to rise to US$750 on July 1, three times the original price
1 month ago
May 20, 2026 09:30 | Software News
JVN: Insufficient validation vulnerability in intent handling in the Android app "Password Manager RoboForm" (パスワード管理 ロボフォーム)
1 month ago
The Android app "Password Manager RoboForm" (パスワード管理 ロボフォーム) provided by Siber Systems, Inc. does not sufficiently validate URLs passed via an intent when opening them.
Dual boot recommendation
1 month ago
Possible major security vulnerability: open-source content management framework Drupal to release a core security update on May 20
1 month ago
Pai Morning Report (派早报): Google announces multiple Gemini product updates, and more
1 month ago
In the early hours of May 20, Google I/O 2026 opened. In the opening keynote, Google CEO Sundar Pichai announced multiple product updates centered on Gemini. Video generation and editing…