Linux 7.0-rc1 释出
Linus Torvalds 在内核邮件列表上宣布释出 Linux 7.0-rc1。主要变化包括:支持英特尔即将推出的新 CPU Nova Lake 和 Diamond Rapids,以及 AMD Zen 6 CPU 及其下一代 GPU,高通 Snapdragon X2;增强文件系统,改进 exFAT 的顺序读取性能,EXT4 并发直接 I/O 写入性能;对 Rust 语言的支持不再是实验性质;等等。
Aggregator
Romanian hacker pleads guilty to selling access to Oregon state networks
4 months ago
A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45) from Romania, pleaded guilty in the U.S. for selling unauthorized admin access to an Oregon state emergency management network. He gained access in June 2021, advertised it, and […]
Pierluigi Paganini
Идеальный сотрудник: не просит страховку и спонсирует армию КНДР. В США вынесли приговор организатору схемы
4 months ago
Фигурант дела помогал гражданам КНДР работать на американском рынке удаленки.
雏鸡也存在 Bouba/Kiki 效应
4 months ago
人类会将无意义的单词与形状联系起来,比如 bouba 会与圆滑形状联系起来,而 kiki 会与尖角形状联系起来,这种语言学现象被称为 Bouba/Kiki 效应。根据发表在《科学》期刊上的一项研究,对刚出生雏鸡的测试显示,小鸡也存在 Bouba/Kiki 效应:刚出生 3 日的小鸡和刚出生 1 日的小鸡在听到 kiki 声音之后会自发选择尖角形状,听到 bouba 声音之后会选择圆滑形状。这一发现表明可能存在某种匹配形状和声音的先天机制,并且普遍存在于不同物种中,其历史渊源可能比我们以为的古老得多。
CVE-2026-3028 | erzhongxmu JEEWMS up to 3.7 JeecgListDemoController.java doAdd Name cross site scripting
4 months ago
A vulnerability, which was classified as problematic, has been found in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting.
This vulnerability appears as CVE-2026-3028. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-3027 | erzhongxmu JEEWMS up to 3.7 UEditor getContent.jsp myEditor cross site scripting
4 months ago
A vulnerability classified as problematic was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting.
This vulnerability is reported as CVE-2026-3027. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-3026 | erzhongxmu JEEWMS 3.7 UEditor getRemoteImage.jsp upfile server-side request forgery
4 months ago
A vulnerability classified as critical has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery.
This vulnerability is documented as CVE-2026-3026. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
INC
4 months ago
You must login to view this content
cohenido
Apache ActiveMQ Exploit Leads to LockBit Ransomware
4 months ago
Key Takeaways An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Amazon. This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java Spring […]
The post Apache ActiveMQ Exploit Leads to LockBit Ransomware appeared first on The DFIR Report.
editor
INC
4 months ago
You must login to view this content
cohenido
Submit #756527: erzhongxmu JEEWMS ≤3.7 Reflected XSS [Accepted]
4 months ago
Submit #756527 / VDB-347384
din4
Submit #756523: erzhongxmu JEEWMS <= 3.7 Reflected XSS [Accepted]
4 months ago
Submit #756523 / VDB-347383
din4
Submit #756522: erzhongxmu JEEWMS ≤3.7 Server-Side Request Forgery [Accepted]
4 months ago
Submit #756522 / VDB-347382
din4
CVE-2026-3025 | ShuoRen Smart Heating Integrated Management Platform 1.0.0 ExampleNodeService.asmx File unrestricted upload
4 months ago
A vulnerability described as critical has been identified in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload.
This vulnerability is registered as CVE-2026-3025. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #756377: Student Grades Management System 1.0 Stored XSS [Duplicate]
4 months ago
Submit #756377 / VDB-327602
0day_dz
Lenovo adds new AI-driven edge systems to ThinkEdge portfolio
4 months ago
Lenovo expanded its ThinkEdge portfolio with a new generation of AI-driven edge computing solutions, including the compact and reliable ThinkEdge SE10n Gen 2, the AI-ready ThinkEdge SE30n Gen 2, the AI-powerhouse ThinkEdge SE60n Gen 2, and Lenovo’s first industrial all-in-one (AIO) Panel PC, the ThinkEdge SE50a. As enterprises push intelligence closer to operations to improve resilience, reduce latency, and keep sensitive data local, edge computing has become a critical layer between devices, infrastructure, and cloud. … More →
The post Lenovo adds new AI-driven edge systems to ThinkEdge portfolio appeared first on Help Net Security.
Industry News
Submit #756376: 北京硕人时代科技股份有限公司 北京硕人时代智慧供热平台 1.0.0 未登录下文件上传以及下载 [Accepted]
4 months ago
Submit #756376 / VDB-347381
zsmaaa
CVE-2025-59873 | HCL ZIE for Web 16 URL Query Parameter information disclosure (KB0128902)
4 months ago
A vulnerability marked as problematic has been reported in HCL ZIE for Web 16. Affected is an unknown function of the component URL Query Parameter Handler. Performing a manipulation results in information disclosure.
This vulnerability is cataloged as CVE-2025-59873. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
Top Technology Stacks for MVP Development in 2026
4 months ago
Top technology stacks for MVP development in 2026, best tools for fast launch, scalability, cost efficiency, and proven frameworks for startups building products.
Owais Sultan
Submit #756375: Github Warehouse Management System V1.0 SQL Injection [Duplicate]
4 months ago
Submit #756375 / VDB-341628
qiahao