Aggregator

CVE-2026-31531 | Linux Kernel up to 6.12.82/6.18.23/6.19.13 ipv4 net/ipv4/nexthop.c rtm_get_nexthop allocation of resources (EUVD-2026-25218)

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13. Affected by this vulnerability is the function rtm_get_nexthop of the file net/ipv4/nexthop.c of the component ipv4. Executing a manipulation can lead to allocation of resources. This vulnerability appears as CVE-2026-31531. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2026-3960 | h2oai h2o-3 up to 3.46.0.9/3.46.0.10 REST API Endpoint /99/ImportSQLTable jdbc:postgresql code injection (EUVD-2026-25205)

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability classified as critical has been found in h2oai h2o-3 up to 3.46.0.9/3.46.0.10. Affected is the function jdbc:postgresql of the file /99/ImportSQLTable of the component REST API Endpoint. Performing a manipulation results in code injection. This vulnerability is reported as CVE-2026-3960. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CISA Adds One Known Exploited Vulnerability to Catalog

CISA News
1 month 4 weeks ago

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria

CISA

盖茨基金会准备裁员,正在审查与爱泼斯坦的关联

Solidot
1 month 4 weeks ago
由于基金会主席比尔盖茨与已故性侵犯爱泼斯坦(Jeffrey ​Epstein)之间的关系,盖茨基金会最近深陷争议。它在周二宣布已委托外部机构对该基金会与爱泼斯坦之间关联进行审查,预计夏天会收到相关评估报告。美国司法部今年一月公布的文件显示爱泼斯坦曾与基金会的员工有过通信,文件还包括盖茨与爱泼斯坦以及被涂黑女性之间合影。盖茨之后声明与爱泼斯坦的关系仅限于慈善事业,称与他见面是一个错误,否认与爱泼斯坦性侵犯案受害者有过接触。盖茨基金会据报道还计划在 2030 年前裁掉约五分之一或 200 名员工。

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

The Hackers News
1 month 4 weeks ago
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can. Mythos Preview, the model that led to Project Glasswing, found
The Hacker News

Managed ad