Aggregator

CVE-2026-23525 | 1Panel-dev 1Panel up to 1.10.33/2.0.16 on Linux MdEditor cross site scripting (GHSA-mg24-6h5c-9q42 / EUVD-2026-3193)

VulDB Recent Entries
3 months 1 week ago
A vulnerability was found in 1Panel-dev 1Panel up to 1.10.33/2.0.16 on Linux. It has been rated as problematic. This affects an unknown part of the component MdEditor. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-23525. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-23626 | Kimai up to 2.45.x special elements used in a template engine (GHSA-jg2j-2w24-54cg)

VulDB Recent Entries
3 months 1 week ago
A vulnerability was found in Kimai up to 2.45.x. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation results in improper neutralization of special elements used in a template engine. This vulnerability is known as CVE-2026-23626. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-23733 | lobehub lobe-chat up to 1.136.2 Mermaid Artifact Renderer cross site scripting (GHSA-4gpc-rhpj-9443)

VulDB Recent Entries
3 months 1 week ago
A vulnerability was found in lobehub lobe-chat up to 1.136.2. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Mermaid Artifact Renderer. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-23733. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-23829 | axllent mailpit up to 1.28.2 Regular Expression RCPT TO/MAIL FROM crlf injection (GHSA-54wq-72mp-cq7c / CNNVD-202601-2973)

VulDB Recent Entries
3 months 1 week ago
A vulnerability was found in axllent mailpit up to 1.28.2 and classified as problematic. Affected is an unknown function of the component Regular Expression Handler. Executing a manipulation of the argument RCPT TO/MAIL FROM can lead to crlf injection. This vulnerability appears as CVE-2026-23829. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-0943 | JV HarfBuzz::Shaper up to 0.31 on Perl HarfBuzz vulnerable third-party component

VulDB Recent Entries
3 months 1 week ago
A vulnerability has been found in JV HarfBuzz::Shaper up to 0.31 on Perl and classified as problematic. This impacts an unknown function of the component HarfBuzz. Performing a manipulation results in dependency on vulnerable third-party component. This vulnerability is reported as CVE-2026-0943. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2026-23644 | esm-dev esm.sh prior 0.0.0-20260116051925-c62ab83c589e tar path.Clean path traversal

VulDB Recent Entries
3 months 1 week ago
A vulnerability, which was classified as critical, was found in esm-dev esm.sh. This affects the function path.Clean of the component tar Handler. Such manipulation leads to path traversal. This vulnerability is documented as CVE-2026-23644. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2024-49857 | Linux Kernel up to 6.11.1 mvm null pointer dereference (b3322a6d6aa9/a949075d4bbf / Nessus ID 216493)

Vuldb Updates
3 months 1 week ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.11.1. This impacts an unknown function of the component mvm. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-49857. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-49856 | Linux Kernel up to 5.15.167/6.1.112/6.6.53/6.10.12/6.11.1 sgx nid_of_current deadlock (Nessus ID 212817 / WID-SEC-2024-3251)

Vuldb Updates
3 months 1 week ago
A vulnerability marked as critical has been reported in Linux Kernel up to 5.15.167/6.1.112/6.6.53/6.10.12/6.11.1. The affected element is the function nid_of_current of the component sgx. This manipulation causes deadlock. The identification of this vulnerability is CVE-2024-49856. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2024-49855 | Linux Kernel up to 6.1.112/6.6.53/6.10.12/6.11.1 nbd_requeue_cmd use after free (Nessus ID 212612 / WID-SEC-2024-3251)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.1.112/6.6.53/6.10.12/6.11.1. It has been rated as critical. This affects the function nbd_requeue_cmd. This manipulation causes use after free. This vulnerability appears as CVE-2024-49855. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2024-49851 | Linux Kernel up to 6.11.1 tpm tpm_dev_transmit cleanup (Nessus ID 212567 / WID-SEC-2024-3251)

Vuldb Updates
3 months 1 week ago
A vulnerability identified as problematic has been detected in Linux Kernel up to 6.11.1. This issue affects the function tpm_dev_transmit of the component tpm. The manipulation leads to incomplete cleanup. This vulnerability is uniquely identified as CVE-2024-49851. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2024-49853 | Linux Kernel up to 6.1.112/6.6.53/6.10.12/6.11.1 arm_scmi double free (Nessus ID 213470 / WID-SEC-2024-3251)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.1.112/6.6.53/6.10.12/6.11.1. It has been declared as critical. The impacted element is an unknown function of the component arm_scmi. The manipulation results in double free. This vulnerability is reported as CVE-2024-49853. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-49852 | Linux Kernel up to 5.15.167/6.1.112/6.6.53/6.10.12/6.11.1 efc_nport_vport_del use after free (Nessus ID 210940 / WID-SEC-2024-3251)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Linux Kernel up to 5.15.167/6.1.112/6.6.53/6.10.12/6.11.1. It has been classified as critical. The affected element is the function efc_nport_vport_del. The manipulation leads to use after free. This vulnerability is documented as CVE-2024-49852. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2024-49850 | Linux Kernel up to 6.1.112/6.6.53/6.10.12/6.11.1 bpf null pointer dereference (Nessus ID 213470 / WID-SEC-2024-3251)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.1.112/6.6.53/6.10.12/6.11.1. It has been classified as critical. This impacts an unknown function of the component bpf. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2024-49850. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2024-47757 | Linux Kernel up to 6.11.1 nilfs2 nilfs_btree_check_delete buffer overflow (Nessus ID 212926 / WID-SEC-2024-3251)

Vuldb Updates
3 months 1 week ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.11.1. This vulnerability affects the function nilfs_btree_check_delete of the component nilfs2. Executing a manipulation can lead to buffer overflow. This vulnerability is handled as CVE-2024-47757. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-47756 | Linux Kernel up to 6.11.1 PCI ks_pcie_quirk null pointer dereference (Nessus ID 213056 / WID-SEC-2024-3251)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.11.1. It has been rated as critical. This affects the function ks_pcie_quirk of the component PCI. Performing a manipulation results in null pointer dereference. This vulnerability is known as CVE-2024-47756. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-1140 | UTT 进取 520W 1.7.7-180627 /goform/ConfigExceptAli strcpy buffer overflow

Vuldb Updates
3 months 1 week ago
A vulnerability was found in UTT 进取 520W 1.7.7-180627 and classified as critical. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. This vulnerability is known as CVE-2026-1140. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

梆梆安全泰防实验室获评2025网安“金帽子”年度优秀团队品牌,以技术实力护航智能网联汽车安全

嘶吼
3 months 1 week ago

近日,由嘶吼安全产业研究院主办的2025网络安全“金帽子”年度评选结果正式公布。作为国内网安领域的年度盛事,本届评选紧扣数据安全治理、AI创新落地与基础设施防护等关键方向,见证了产业生态与技术自主性的持续提升。活动共吸引上百家企业参与,收录185项奖项,累计收到有效投票超6万张。

梆梆安全泰防实验室凭借在车联网与物联网领域的持续深耕与扎实成果,荣膺 “年度优秀团队品牌” 奖项。

梆梆安全泰防实验室

作为国内最早一批布局汽车网络安全和数据安全产业的厂商,梆梆安全早在2016年就成立了安全研究院,专注于智能网联汽车的网络安全和数据安全能力的研究与实践应用。2023年7月成立专业的车联网技术研究团队“泰防实验室”,凝聚国内系统安全技术、IoT安全、移动安全等车联网行业的专家资源和优势力量,致力打造智能网联汽车产业发展的安全能力标杆,深度参与国内外车联网信息安全相关的标准法规的制定和解读,在安全咨询、安全开发、安全防护、渗透测试、安全合规评估等方向,推出了面向智能网联汽车的完整安全能力产品体系,为智能网联汽车产业提供有力的全业务支撑。迄今已服务头部车企、Tier1零部件供应商等大量专业物联网客户及智能网联汽车项目,致力于保障车辆全生命周期的网络安全,为推动车联网生态圈高质量发展深度赋能。

成果产出

实验室基于深厚的技术积累,形成了完整的安全能力产品体系,主要包括:汽车信息安全合规检测与渗透服务、车联网安全合规咨询服务、汽车信息安全测试系统、物联网检测与渗透服务等。这些系统平台与服务方案能够有效支持车载终端、通信协议、云平台以及智能终端的全方位安全测试与风险评估,助力企业提升安全防护水平。

标准建设

深度参与5项国家标准和2项团体标准的制定工作,展现了在行业规范方面的引领作用,全面覆盖汽车信息安全的多个关键领域,包括:GB/T 40861-2021《汽车信息安全通用技术要求》、GB/T 41578-2022《电动汽车充电系统信息安全技术要求及试验方法》、GB 44495-2024《汽车整车信息安全技术要求》等。

权威认证

凭借在网络安全领域的深厚技术积累与持续创新,泰防实验室构建了体系完备的资质认证与荣誉体系,已通过中国合格评定国家认可委员会(CNAS)的严格评审,依据GB/T 40856-2021、GB/T 40857-2021两项国家标准,具备了在汽车网关及车载信息系统领域的完整检测能力,出具的检测报告具有国际权威性与公信力,标志着实验室的质量管理水平与检测技术能力已达到国际认可标准。

展望未来,梆梆安全泰防实验室将持续深耕智能网联汽车安全前沿,在自动驾驶安全、数据隐私合规、新型通信协议及智能钥匙防护等关键领域深化探索与技术攻关。我们致力于持续精进技术能力、完善服务体系,以坚实的专业力量护航车联网产业行稳致远,共同构建可信、可靠的智慧出行新生态。

梆梆安全

2025 年出生人口低于 800 万

Solidot
3 months 1 week ago
国家统计局公布了最新的人口统计数据。2025 年末全国人口 140489 万人,全年出生人口 792 万人、死亡人口 1131 万人,人口总量同比减少 339 万人。人口出生率 5.63‰,死亡率 8.04‰,自然增长率为 -2.41‰。从性别构成看,男性人口 71685 万人,女性人口 68804 万人,总人口性别比为 104.19。从年龄构成看,16—59 岁人口 85136 万人,占全国人口的比重为 60.6%;60 岁及以上人口 32338 万人,占全国人口的 23.0%,其中 65岁及以上人口 22365 万人,占全国人口的 15.9%。从城乡构成看,城镇常住人口 95380 万人,比上年末增加 1030 万人;乡村常住人口 45109 万人,减少 1369 万人;城镇人口占全国人口的比重为 67.89%。从受教育程度看,16—59 岁人口平均受教育年限达到 11.3 年 ,比上年提高 0.1年。

Managed ad