Aggregator

新的一年既带来了全新的挑战，这些是 CISO 在 2026 年最值得推进的创新型安全项目，值得纳入年度安全规划清单。

A vulnerability was found in Tenda AX1803 1.0.0.1 and classified as critical. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2026-1329. The attack may be launched remotely. Furthermore, there is an exploit available.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Unified Communications products vulnerability, tracked as CVE-2026-20045 (CVSS score of 8.2), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Cisco patched a critical zero-day […]

Submit #736067 / VDB-342305

Submit #736066 / VDB-342305

Submit #736065 / VDB-342305

Submit #736064 / VDB-342305

Submit #736063 / VDB-342305

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. This vulnerability was named CVE-2026-1328. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. This vulnerability is uniquely identified as CVE-2026-1327. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. This vulnerability is handled as CVE-2026-1326. The attack can be initiated remotely. Additionally, an exploit exists.

根据《Carbon Majors》报告，2024 年 32 家化石燃料公司的排放量占到了全球二氧化碳排放量的一半。沙特阿美是最大的国家所有的污染企业，而埃克森美孚是最大的投资者所有的污染企业。排名前 20 的化石燃料公司中有 17 家是国有企业。沙特阿美排放了 17 亿吨二氧化碳，大部分来自出口的石油。如果沙特阿美是一个国家，它将是全球第五大碳排放国，位于俄罗斯之后。埃克森美孚的化石燃料生产排放了 6.1 亿吨二氧化碳，是第九大污染排放国，排名位于韩国之前。

还在等手机智能体？看看你自带的 AI 手机助手是不是已经在越权操作了

A vulnerability classified as problematic was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery. This vulnerability is known as CVE-2026-1325. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os command injection. This vulnerability is traded as CVE-2026-1324. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #736062 / VDB-342157

Submit #735792 / VDB-342304

Submit #735790 / VDB-342303

Submit #735787 / VDB-342302

Submit #736208 / VDB-342301