A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in a buffer overflow.
This vulnerability was named CVE-2026-1328. The attack may be initiated remotely. In addition, an exploit is available.
A vulnerability, which was classified as critical, was found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection.
This vulnerability is uniquely identified as CVE-2026-1327. The attack can be launched remotely. Moreover, an exploit is present.
A vulnerability, which was classified as critical, has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection.
This vulnerability is handled as CVE-2026-1326. The attack can be initiated remotely. Additionally, an exploit exists.
A vulnerability classified as problematic was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery.
This vulnerability is known as CVE-2026-1325. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical has been found in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to OS command injection.
This vulnerability is tracked as CVE-2026-1324. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability identified as critical has been detected in Linux Kernel up to 295c9b554f6dfcd2d368fae6e6fa22ee5b79c123. This vulnerability affects the function tipc_mon_reinit_self of the file include/linux/spinlock_api_smp.h. Performing a manipulation of the argument monitors[] results in use after free.
This vulnerability was named CVE-2025-40280. The attack must be launched from within the local network. There is no available exploit.
You should upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.17.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file net/sctp/transport.c of the component sctp. This manipulation causes out-of-bounds read.
This vulnerability is handled as CVE-2025-40281. The attack can only be done within the local network. No exploit is available.
Upgrading the affected component is advised.
A vulnerability labeled as critical has been found in Linux Kernel up to 6.3.1. The impacted element is an unknown function. Such manipulation leads to a memory leak.
This vulnerability is referenced as CVE-2023-53489. The attack can only be performed from a local environment. No exploit is available.
The affected component should be upgraded.