Aggregator

Кажется, эпоха слепого доверия к проверенным источникам окончательно ушла в прошлое.

Currently trending CVE - Hype Score: 7 - Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through <= 1.0.0.

Currently trending CVE - Hype Score: 12 - A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .

Currently trending CVE - Hype Score: 4 - Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Группировка Andariel атаковала госструктуры в Европе.

特朗普在达沃斯世界经济论坛年会上，高调宣布成立由美方主导的“和平委员会”（Board of Peace），声

本文约7035字，预计阅读时间18分钟。谍战电影里的特工身怀各种绝技，事实上许多情报员的技能在日常生活中也适用。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

Выявлена масштабная схема кражи денег через VoIP-номера Microsoft.

三倍奖励 全年有效

富士フイルムビジネスイノベーション株式会社が提供するbeat-access Windows版にはDLL読み込みに関する脆弱性が存在します。

A vulnerability was found in RocketChat Rocket.Chat up to 6.11.x. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/oauth-apps.get of the component API Endpoint. This manipulation of the argument client_id/client_secret causes improper privilege management. This vulnerability appears as CVE-2026-23477. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in Cinspiration RDP Manager 4.9.9.3. The affected element is an unknown function. Such manipulation leads to allocation of resources. This vulnerability is documented as CVE-2021-47771. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in IBM ApplinX 11.1. This vulnerability affects unknown code of the component JSON Web Token Handler. Such manipulation leads to improper verification of cryptographic signature. This vulnerability is referenced as CVE-2025-36418. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in IBM ApplinX 11.1. It has been classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-36411. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in NVIDIA CUDA Toolkit. Affected by this vulnerability is an unknown functionality of the component Installer. Performing a manipulation results in os command injection. This vulnerability is cataloged as CVE-2025-33230. The attack must be initiated from a local position. There is no exploit available.

A vulnerability was found in IBM ApplinX 11.1 and classified as problematic. This vulnerability affects unknown code. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-36419. The attack can be launched remotely. No exploit exists.

A vulnerability was found in IBM ApplinX 11.1. It has been classified as critical. This issue affects some unknown processing. This manipulation causes improper authorization. This vulnerability appears as CVE-2025-36410. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in NVIDIA Nsight Systems. It has been declared as critical. Impacted is the function gfx_hotspot of the file process_nsys_rep_cli.py. Such manipulation leads to os command injection. This vulnerability is traded as CVE-2025-33228. The attack may be launched remotely. There is no exploit available.