Aggregator

Submit #735544 / VDB-341740

Submit #735543 / VDB-341739

A vulnerability marked as critical has been reported in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. This vulnerability is tracked as CVE-2026-1145. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to install a patch to address this issue.

A vulnerability labeled as critical has been found in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. This vulnerability is identified as CVE-2026-1144. The attack can be executed remotely. Additionally, an exploit exists. Applying a patch is advised to resolve this issue.

Submit #735541 / VDB-332582

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ukraine–Germany operation targets Black Basta, Russian leader wanted China-linked APT UAT-8837 targets North American critical infrastructure […]

Submit #735539 / VDB-341738

Submit #735538 / VDB-341737

Submit #735537 / VDB-341737

Submit #735342 / VDB-341599

Submit #735341 / VDB-341599

Submit #735340 / VDB-341599

Чтобы почта ожила, нужно своими руками снести защиту Windows.

本文针对大语言模型（LLM）的后训练安全机制进行了逆向分析与实测研究。作者对比了监督微调（SFT）、偏好对齐（DPO/IPO）及模型表示干预（Abliteration）三种技术路径在消除模型安全拒绝行为上的有效性。

活动时间：2026年1月20日（周二）晚上21:00-23:00 活动平台：智能化软件工程学术沙龙微信群

A vulnerability described as critical has been identified in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. This vulnerability is registered as CVE-2026-1119. It is possible to launch the attack remotely. Furthermore, an exploit is available.

海量岗位招聘｜阿里云安全保障团队期待你的加入

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.11.10/6.12.1. The impacted element is the function qcom_pcie_perst_deassert of the component qcom-ep. The manipulation leads to reachable assertion. This vulnerability is documented as CVE-2024-53153. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.11.10/6.12.1. The affected element is the function pex_ep_event_pex_rst_deassert of the component tegra194. Executing a manipulation can lead to reachable assertion. This vulnerability is registered as CVE-2024-53152. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 5.15.173/6.1.119/6.6.63/6.11.10/6.12.1. It has been rated as problematic. This affects the function xdr_check_write_chunk of the file net/sunrpc/xprtrdma/svc_rdma_recvfrom.c of the component svcrdma. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2024-53151. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.