Aggregator

A vulnerability was found in RedisGraph 2.12.10. It has been rated as critical. Affected by this issue is the function DataBlock_ItemIsDeleted. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-47003. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability identified as critical has been detected in Redis RedisGraph up to 2.12.8. Affected by this issue is some unknown functionality. Performing a manipulation results in code injection. This vulnerability is known as CVE-2023-47004. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Totolink A3300R 17.0.0cu.557_B20221024. It has been rated as critical. Affected by this issue is the function setLedCfg. This manipulation of the argument enable causes command injection. The identification of this vulnerability is CVE-2023-46993. The attack needs to be done within the local network. There is no exploit available.

我越来越觉得，找餐厅这件事，大众点评、小红书都帮不了我。倒不是说它们不好用。信息多，评价全，但问题就出在"太多"上。

推理能力翻倍，价格不变，这一次 Google 是真的想重新定义 AI 竞争的规则。

A vulnerability was found in ESRI ArcGIS Server 10.9.1/11.1/11.2/11.3. It has been rated as critical. Affected by this issue is some unknown functionality of the component Edit Operation Handler. Performing a manipulation results in sql injection. This vulnerability is identified as CVE-2024-51962. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in ESRI ArcGIS Server 10.9.1/11.1/11.2/11.3 on Windows. This affects an unknown part. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2024-51954. The attack can be launched remotely. No exploit exists.

A vulnerability was found in F5 BIG-IP up to 17.5.1.4. It has been rated as problematic. Impacted is an unknown function of the component Traffic Management Microkernel. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-2507. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.69/6.18.9. This issue affects the function smp_mb. Such manipulation leads to state issue. This vulnerability is documented as CVE-2026-23213. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0. Affected by this vulnerability is the function ksmbd_tcp_new_connection of the component smb. Executing a manipulation can lead to memory leak. This vulnerability is tracked as CVE-2026-23228. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.69/6.18.9. Impacted is the function find_free_extent_update_loop of the component btrfs. Performing a manipulation results in privilege escalation. This vulnerability is reported as CVE-2026-23214. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.18.9. The impacted element is the function devm_kcalloc of the component gpio. Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2026-23218. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.18.9 and classified as critical. The impacted element is the function settime64 of the component iwlwifi. The manipulation results in privilege escalation. This vulnerability was named CVE-2025-71226. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.161/6.6.122/6.12.68/6.18.8 and classified as critical. This impacts an unknown function of the component bonding. This manipulation causes privilege escalation. This vulnerability is handled as CVE-2026-23212. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.9. The affected element is the function cfg80211_get_ies_channel_number. Executing a manipulation can lead to privilege escalation. This vulnerability appears as CVE-2025-71227. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0. Affected is the function virtcrypto_done_task of the component crypto. Executing a manipulation can lead to privilege escalation. This vulnerability is registered as CVE-2026-23229. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

AI-powered ransomware compresses attacks from weeks to minutes. Michael Villar, director of field security technology at Akamai, says banks need AI-driven segmentation to contain intruders fast, limit lateral movement and protect sensitive data before extortion begins.

Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-Day
This week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.

Analysts Urge Mandatory Guardrails on AI Agents, Identity and Privilege
Security leaders are pressing Treasury to embed enforceable guardrails - covering adversarial testing, AI inventory, identity privilege mapping and real-time monitoring - into its forthcoming financial-sector AI guidance as deepfake fraud, data poisoning and autonomous agent risks escalate.