Aggregator

这次不幸中的万幸的是，特务逮捕老蒲下手下得早了一点。

cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, execute code, or escalate privileges on vulnerable systems. Below are the descriptions for these […]

A vulnerability marked as critical has been reported in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-8273. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. This vulnerability was named CVE-2026-8272. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2026-8271. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #810864 / VDB-362571

SecWiki周刊（第635期) by ourren

VoIP号码生态系统和黑产利用现状 by ourren

Maven 智能系统：美军 AI 作战平台的运作逻辑 by ourren

Marketplaces: RAY的私有Claude Code插件 by ourren

再论漏洞发现与分析工作的人机分工 by ourren

第二届智能渗透挑战赛答辩材料 by ourren

awesome-llm-supply-chain-security by ourren

更多最新文章，请访问SecWiki

Submit #810082 / VDB-362570

Submit #810079 / VDB-362569

Submit #810078 / VDB-362568

地理位置开源情报（OSINT）是现代调查方法论的关键组成部分，它专注于从公开数据中提取可操作的信息，以确定个人、实体或事件的地理位置。本质上，它利用散布在数字领域的大量信息，从社交媒体平台到卫星图像库，来揭示目标对象的空间维度。

A vulnerability categorized as problematic has been discovered in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2026-8270. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in Open5GS up to 2.7.7. It has been rated as problematic. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2026-8269. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in Open5GS up to 2.7.7. It has been declared as problematic. This issue affects the function OpenAPI_list_create of the component SMF. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2026-8268. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in Open5GS up to 2.7.7. It has been classified as problematic. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. This vulnerability appears as CVE-2026-8267. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in Open5GS up to 2.7.7 and classified as problematic. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. This vulnerability is reported as CVE-2026-8266. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

本文核心为，以色列军方利用人工智能驱动的目标定位系统，发动了针对黎巴嫩真X党的袭击，该系统融合了来自各种来源的

Submit #808488 / VDB-362567

Submit #808486 / VDB-362566

Submit #808485 / VDB-362565