GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats.
The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]
A vulnerability classified as problematic has been found in Apple macOS up to 12.3. This issue affects some unknown processing of the component Login Window. Performing a manipulation results in a state issue.
This vulnerability is identified as CVE-2022-48575. The attack may be carried out on the physical device. There is not any exploit available.
It is recommended to upgrade the affected component.
A vulnerability described as problematic has been identified in Yoast Duplicate Post up to 4.6. This vulnerability affects the function duplicate_post_dismiss_notice. Such manipulation leads to cross-site request forgery.
This vulnerability is referenced as CVE-2026-53739. It is possible to launch the attack remotely. No exploit is available.
A vulnerability marked as problematic has been reported in bplugins Easy Twitter Feeds Plugin up to 1.2.12 on WordPress. This affects the function duplicate_post of the component Link Handler. This manipulation causes cross-site request forgery.
The identification of this vulnerability is CVE-2026-53736. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
A vulnerability labeled as problematic has been found in Palo Alto GlobalProtect App and GlobalProtect UWP App up to 6.2.8-h1/6.3.3-h0. Affected by this issue is some unknown functionality of the component Configuration Handler. The manipulation results in sensitive information in log files.
This vulnerability was named CVE-2026-0267. The attack needs to be approached locally. There is no available exploit.
The affected component should be upgraded.
A vulnerability identified as problematic has been detected in Inisev Copy & Delete Posts up to 1.5.4. Affected by this vulnerability is an unknown functionality of the component AJAX Handler. The manipulation of the argument f leads to incorrect authorization.
This vulnerability is uniquely identified as CVE-2026-53738. The attack can be carried out remotely. No exploit exists.
A vulnerability categorized as critical has been discovered in fedify-dev fedify and vocab-runtime. Affected is the function validatePublicUrl of the component URL Validation Handler. Executing a manipulation can lead to server-side request forgery.
This vulnerability is handled as CVE-2026-50131. The attack can be executed remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
A vulnerability was found in Eugeny russh up to 0.60.2. It has been rated as problematic. This impacts an unknown function of the component Compression Handler. Performing a manipulation results in allocation of resources.
This vulnerability is known as CVE-2026-46673. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is advised.
A vulnerability was found in Palo Alto Prisma Access Agent up to 26.2.0 on Linux. It has been declared as problematic. This affects an unknown function. Such manipulation leads to improper protection of alternate path.
This vulnerability is tracked as CVE-2026-0268. The attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes improper neutralization of special elements used in an expression language statement.
This vulnerability appears as CVE-2026-40985. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
A vulnerability was found in quantumcloud Simple Link Directory Plugin up to 9.0.4 and classified as problematic. The affected element is an unknown function of the component Shortcode Handler. The manipulation results in cross-site scripting.
This vulnerability is reported as CVE-2026-53742. The attack can be launched remotely. No exploit exists.
A vulnerability has been found in quantumcloud Simple Link Directory Plugin up to 9.0.4 on WordPress and classified as problematic. Impacted is an unknown function. The manipulation leads to cross-site scripting.
This vulnerability is documented as CVE-2026-53741. The attack can be initiated remotely. There is not any exploit available.
A vulnerability, which was classified as problematic, was found in Yoast Duplicate Post Plugin up to 4.6 on WordPress. This issue affects some unknown processing of the component Title Handler. Executing a manipulation can lead to cross-site scripting.
This vulnerability is registered as CVE-2026-53740. It is possible to launch the attack remotely. No exploit is available.
A vulnerability, which was classified as problematic, has been found in Eugeny russh up to 0.60.x. This vulnerability affects the function Vec::with_capacity. Performing a manipulation results in denial of service.
This vulnerability is cataloged as CVE-2026-48107. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
A vulnerability classified as critical was found in Eugeny russh up to 0.60.x. This affects an unknown part. Such manipulation leads to improper authentication.
This vulnerability is listed as CVE-2026-46705. The attack may be performed remotely. There is no available exploit.
Upgrading the affected component is advised.
A vulnerability classified as problematic has been found in Kanidm up to 1.9.2. Affected by this issue is the function std::process::abort of the file /scim/v1 of the component PEG Parser. This manipulation causes an uncaught exception.
This vulnerability is tracked as CVE-2026-46689. The attack can be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
A vulnerability described as problematic has been identified in openvm-org openvm up to 1.5.x. Affected by this vulnerability is an unknown functionality. The manipulation results in improper input validation.
This vulnerability is identified as CVE-2026-46669. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.