Aggregator

微软承认 Windows 11 存在信任问题,承诺 2026 年重点解决

Solidot
2 months ago
Windows 11 的用户数突破了 10 亿,但微软也承认 Windows 11 存在信任问题,表示 2026 年将集中精力解决该问题。Windows 和设备部门总裁 Pavan Davuluri 表示该公司从用户和 Windows Insiders 测试者收到了明确的反馈,需要以对用户真正有意义的方式改进 Windows,该公司计划 2026 年重点解决包括系统性能、可靠性和整体用户体验在内的痛点。微软一月例行安全更新导致了一系列严重问题,以及 Windows 11 出现太多的广告都招致了用户不满。

CVE-2026-1686 | Totolink A3600R 5.9c.4959 /lib/cste_modules/app.so setAppEasyWizardConfig apcliSsid buffer overflow

VulDB Recent Entries
2 months ago
A vulnerability has been found in Totolink A3600R 5.9c.4959 and classified as critical. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. This vulnerability is cataloged as CVE-2026-1686. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-1685 | D-Link DIR-823X 250416 Login sub_40AC74 excessive authentication

VulDB Recent Entries
2 months ago
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is listed as CVE-2026-1685. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2026-25211 | llamastack Llama Stack up to 0.4.0rc2 pgvector Password log file

VulDB Recent Entries
2 months ago
A vulnerability, which was classified as problematic, has been found in llamastack Llama Stack up to 0.4.0rc2. This affects an unknown part of the component pgvector Password Handler. This manipulation causes sensitive information in log files. This vulnerability is tracked as CVE-2026-25211. The attack is restricted to local execution. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-1684 | Free5GC SMF up to 4.1.0 PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service

VulDB Recent Entries
2 months ago
A vulnerability classified as problematic was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. This vulnerability is identified as CVE-2026-1684. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.
vuldb.com

CVE-2026-1683 | Free5GC SMF up to 4.1.0 PFCP handler.go HandlePfcpSessionReportRequest denial of service (Issue 804)

VulDB Recent Entries
2 months ago
A vulnerability classified as problematic has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-1683. Remote exploitation of the attack is possible. Furthermore, an exploit is available. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2026-1682 | Free5GC SMF up to 4.1.0 PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference (Issue 794)

VulDB Recent Entries
2 months ago
A vulnerability described as problematic has been identified in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-1682. The attack may be launched remotely. Furthermore, there is an exploit available. A patch should be applied to remediate this issue.
vuldb.com

CVE-2026-25117 | pwncollege dojo /workspace/ cross-domain policy (GHSA-wvcf-9xm8-7mrg / EUVD-2026-4941)

Vuldb Updates
2 months ago
A vulnerability identified as critical has been detected in pwncollege dojo. This impacts an unknown function of the file /workspace/. This manipulation causes permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2026-25117. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2026-25126 | polarnl PolarLearn prior 0-PRERELEASE-15 Vote API /api/v1/forum/vote votes_data direction input validation (GHSA-ghpx-5w2p-p3qp / EUVD-2026-4937)

Vuldb Updates
2 months ago
A vulnerability categorized as critical has been discovered in polarnl PolarLearn. This affects the function votes_data of the file /api/v1/forum/vote of the component Vote API. The manipulation of the argument direction results in improper input validation. This vulnerability was named CVE-2026-25126. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup

The Hackers News
2 months ago
A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containing
The Hacker News

Managed ad