Aggregator

A vulnerability was found in Wheatblog 1.1. It has been classified as problematic. This affects an unknown function of the file add_comment.php. This manipulation causes basic cross site scripting. This vulnerability appears as CVE-2006-5921. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Wheatblog 1.1. It has been declared as problematic. This impacts an unknown function of the file index.php of the component Error Message Handler. Such manipulation leads to information disclosure. This vulnerability is traded as CVE-2006-5922. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Chris Mac GimeScripts Shopping Catalog up to 0.9.1. It has been rated as critical. Affected is an unknown function of the file index.php. Performing a manipulation of the argument custom results in file inclusion. This vulnerability is known as CVE-2006-5923. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Microsoft считает, что всё нормально.

Name: UMDCTF 2026 (an UMDCTF event.)
Date: April 24, 2026, 10 p.m. — 26 April 2026, 22:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://umdctf.io/
Rating weight: 85.48
Event organizers: UMDCSEC

关键词黑客攻击据非营利性安全组织 Shadowserver 称，超一万台暴露在互联网上的 Zimbra 协作套

关键词病毒最具毁灭性的计算机病毒 CIH（俗称 " 切尔诺贝利病毒 "）诞生 27 周年。

关键词AI近期 ，360集团公开披露了一个让人不安的事实：一个潜伏长达8年的Office远程代码执行漏洞，被评

当风险藏在语义组合之中，如何实现安全生成？复旦大学白泽智能团队提出 SafeRoPE，从位置关系出发，在 attention 中旋转“语义魔方”，实现内容级安全控制。

CVE-2026-6770 let attackers fingerprint Firefox and Tor users, even in Private mode. Firefox 150 and Tor Browser 15.0.10 fixed it. A vulnerability, tracked as CVE-2026-6770, allowed attackers to fingerprint Firefox users, even in Private Browsing, and also impacted the Tor Browser. The flaw worked even when Tor’s New Identity feature was used, bypassing protections meant […]

Пожилая пара три недели переводила деньги аферистам, зная о мошеннических схемах.

360：漏洞利用正走向智能体化作战

360获评CNCERT网络安全应急服务甲级支撑单位！

A vulnerability described as critical has been identified in Apache MINA up to 2.0.27/2.1.10/2.2.5. The impacted element is the function AbstractIoBuffer.getObject. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2026-41409. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

Без сертифицированного решения для ЕСИА регистраторы не попадут в перечень допущенных к работе.

New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data.

速修复

速修复

HumanBug15 年实战经验，手把手教落地