Aggregator

Submit #736208 / VDB-342301

Submit #735716 / VDB-342300

周末深夜，一位资深工程师对着屏幕苦笑。他让AI生成的一段看似完美的数据库查询代码，在生产环境中崩溃了——它没有考虑数据量激增时的锁表问题。

复旦大学CodeWisdom团队博士生、软件研发领域业界知名专家茹炳晟最新观点文章

«Плюс» и «минус» в одном теле.

A vulnerability identified as critical has been detected in Linux Kernel up to 295c9b554f6dfcd2d368fae6e6fa22ee5b79c123. This vulnerability affects the function tipc_mon_reinit_self of the file include/linux/spinlock_api_smp.h. Performing a manipulation of the argument monitors[] results in use after free. This vulnerability was named CVE-2025-40280. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.17.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file net/sctp/transport.c of the component sctp. This manipulation causes out-of-bounds read. This vulnerability is handled as CVE-2025-40281. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.3.1. The impacted element is an unknown function. Such manipulation leads to memory leak. This vulnerability is referenced as CVE-2023-53489. The attack can only be performed from a local environment. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in SpenetiX Fusion Digital Signage up to 3.4.8. The impacted element is an unknown function of the file index.php of the component Delete Request Handler. The manipulation leads to path traversal. This vulnerability is documented as CVE-2020-36883. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as critical was found in NETGEAR RS700, RAX54Sv2, RAX41v2, RAX50, RAXE500, RAX41, RAX43, RAX35v2, RAXE450, RAX43v2, RAX42, RAX45, RAX50v2, MR90, RAX42v2, RAX49S and MS90. Affected by this issue is some unknown functionality of the component DNS Response Handler. Such manipulation leads to improper input validation. This vulnerability is listed as CVE-2025-12946. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 5.4.228/5.10.162/5.15.85/6.0.15/6.1.1. It has been rated as critical. This vulnerability affects the function regmap_read of the component ASoC. Performing a manipulation results in denial of service. This vulnerability is identified as CVE-2022-50439. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in HP System Event Utility and Omen Gaming Hub. It has been rated as critical. The affected element is an unknown function. Performing a manipulation results in path traversal. This vulnerability is reported as CVE-2025-11531. The attack requires a local approach. No exploit exists. Upgrading the affected component is advised.

A vulnerability described as problematic has been identified in pytest up to 9.0.2 on UNIX. Affected by this vulnerability is an unknown functionality of the file /tmp/pytest-of-{user}. Executing a manipulation can lead to creation of temporary file in directory with insecure permissions. This vulnerability appears as CVE-2025-71176. The attack requires local access. There is no available exploit.

A vulnerability marked as problematic has been reported in Altium AES up to 7.0.5. Affected is an unknown function of the component BOM Viewer. Performing a manipulation of the argument Description results in cross site scripting. This vulnerability is reported as CVE-2025-27379. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in horilla-opensource horilla up to 1.4.x. This impacts the function has_xss. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-24037. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

2011 年的福岛核事故迫使日本关闭了所有核电站，本周三日本东京电力公司重启了世界最大核电站柏崎刈羽核电站 6 号机组反应堆。这是东电在福岛核事故后首次重启核电站。福岛核事故与乌克兰切尔诺贝利核事故同属国际核事件分级表中最严重的7级，许多老年人等在严酷的疏散生活中去世，大量居民被迫离开家园。为筹措报废及赔偿所需资金，东电希望重启柏崎刈羽 6 号和 7 号机组（各 135.6 万千瓦）并向原子能规制委员会提交了审查申请。尽管其运营核电站的资质受到质疑，但东电承诺切实完成报废工作等，最终通过了审查。柏崎刈羽核电站采取了多项措施，包括建设防波堤防备超过预料的海啸、新设可在电源丧失时向反应堆注水的泵机。因反恐设施尚未完工，6 号机组在设置宽限期结束的 2029 年 9 月之后将暂时停运。

A vulnerability identified as problematic has been detected in JuneAndGreen sm-crypto up to 0.3.x. This affects an unknown function of the component SM2 Signed Message Handler. This manipulation causes improper verification of cryptographic signature. This vulnerability is registered as CVE-2026-23965. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in ImageMagick up to 14.10.1. The impacted element is an unknown function of the component MSL Parser. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-23952. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Mastodon up to 4.3.17/4.4.11/4.5.4. It has been rated as problematic. The affected element is an unknown function of the component API Handler. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-23963. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in horilla-opensource horilla up to 1.4.x. It has been declared as critical. Impacted is an unknown function of the component Profile Photo Update Handler. Executing a manipulation can lead to unrestricted upload. This vulnerability is tracked as CVE-2026-24034. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.