Aggregator

Submit #743386 / VDB-344502

台积电董事长兼首席执行官（CEO）魏哲家表示，考虑在目前在熊本县建设的第二工厂生产日本国内首批 3 纳米制程最尖端半导体。台积电正在熊本县菊阳町建设第二工厂，原计划生产 6 纳米制程半导体，今后将就变更计划展开磋商。毗邻第二工厂用地的第一工厂目前生产 12 至 28 纳米制程半导体，已于 2024 年 12 月启动量产。

A vulnerability, which was classified as problematic, has been found in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. This vulnerability is cataloged as CVE-2026-1978. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should change the configuration settings.

卡特中心宣布，麦地那龙线虫病正接近根除，根据初步统计数据，2025 年全球感染病例仅 10 例。如果能彻底根除，那么它将是天花之后被人类根除的第二种疾病。麦地那龙线虫（Dracunculus medinensis）是一种通过水传播的寄生线虫。如果人饮用了被麦地那龙线虫污染的水，寄生虫会钻入肠道在人体内移动。感染者起初没有症状。大约一年后，母虫会在下肢的皮肤上形成水疱，大约八周后一条意大利面条长度的虫体会从水疱中钻出。除了剧痛之外，麦地那龙线虫病还会导致继发感染和败血症等并发症，造成暂时性或永久性残疾。麦地那龙线虫根除计划于 1986 年启动，当时非洲和亚洲 21 个国家估计有 350 万例病例，2024 年病例数降为 15 例，2025 年的 10 例分别为：乍得 4 例，埃塞俄比亚 4 例，南苏丹 2 例。要彻底根除还必须消灭动物感染病例，2025 年动物感染病例有数百例：乍得（147 例）、马里（17 例）、喀麦隆（445 例）、安哥拉（70 例）、埃塞俄比亚（1 例）和南苏丹（3例）。

Submit #743377 / VDB-344501

A vulnerability classified as critical was found in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. This vulnerability is listed as CVE-2026-1977. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

Submit #743260 / VDB-344500

A vulnerability classified as problematic has been found in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2026-1976. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to install a patch to address this issue.

A vulnerability described as problematic has been identified in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2026-1975. The attack can be executed remotely. Additionally, an exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability marked as problematic has been reported in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-1974. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability labeled as problematic has been found in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-1973. The attack may be launched remotely. Furthermore, there is an exploit available. It is best practice to apply a patch to resolve this issue.

Опубликованы технические подробности эксплуатации ошибки CVE-2025-49825 в платформе Teleport.

Submit #743246 / VDB-344499

Submit #743239 / VDB-344498

Submit #743238 / VDB-344497

Submit #743237 / VDB-344496

Submit #743236 / VDB-344495

Администратор получил длительный срок за организацию наркобизнеса под видом онлайн-магазина.

Cellebrite data confirms digital evidence is now central to almost all cases

A vulnerability identified as problematic has been detected in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2026-1972. The attack may be initiated remotely. In addition, an exploit is available. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website."