Aggregator

Видеокарты нового поколения сделали массовый взлом дешевле.

往期推荐：2026年国际AI安全报告（五）3.3.技术保障和监控在AI开发和使用的不同阶段，企业会采用各种技

AI虽然能显著提升安全运营中心（SOC）的效率，但不能弥补其根本性缺陷，更不能替代人类分析师的专业判断。

Hacktron的首席技术官使用Opus 4.6完成了针对Chrome浏览器V8 JS引擎的漏洞利用。

奇安信威胁情报中心监测到，攻击者趁着DeepSeek TUI项目热度上升，开始混水摸鱼，在Github上构造仿冒仓库，投递恶意软件。

A vulnerability described as critical has been identified in labring FastGPT up to 4.14.16. Affected is the function fetchData of the component HTTP Request Handler. Executing a manipulation can lead to server-side request forgery. This vulnerability is handled as CVE-2026-44286. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Emlog up to 2.6.10. This impacts an unknown function. Performing a manipulation results in cross-site request forgery. This vulnerability is known as CVE-2026-42286. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in labring FastGPT up to 4.14.16. This affects an unknown function of the component URL Handler. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-44284. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in anzory SolidCAM-GPPL-IDE up to 1.0.1. The impacted element is an unknown function of the component VMID Parser. This manipulation causes resource consumption. This vulnerability appears as CVE-2026-42212. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in roadiz core-bundle-dev-app up to 2.3.42/2.5.44/2.6.30/2.7.17. The affected element is the function OAuth2LinkGenerator::generate. The manipulation results in insufficient verification of data authenticity. This vulnerability is reported as CVE-2026-42206. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Syslifters sysreptor 2024.40/2025.83/2025.102/2026.27. It has been rated as critical. Impacted is an unknown function of the file /admin. The manipulation leads to improper privilege management. This vulnerability is documented as CVE-2026-44987. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in labring FastGPT up to 4.14.11. It has been declared as critical. This issue affects the function isInternalAddress of the file packages/service/common/system/utils.ts. Executing a manipulation can lead to server-side request forgery. This vulnerability is registered as CVE-2026-42345. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in labring FastGPT up to 4.14.11. It has been classified as problematic. This vulnerability affects the function isInternalAddress of the file packages/service/common/system/utils.ts. Performing a manipulation results in time-of-check time-of-use. This vulnerability is cataloged as CVE-2026-42344. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Syslifters sysreptor 2024.40/2025.83/2025.102 and classified as problematic. This affects an unknown part of the file /admin/pentests/usernotebookpage/. Such manipulation leads to authorization bypass. This vulnerability is listed as CVE-2026-42291. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Cilium up to 1.17.14/1.18.8/1.19.2 and classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2026-41520. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in gitroomhq postiz-app up to 2.21.6. Affected by this vulnerability is an unknown functionality of the file /p/?share=true. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-42556. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Emlog up to 2.6.10. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-42287. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in anzory SolidCAM-GPPL-IDE up to 1.0.1. This impacts an unknown function. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2026-42213. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in halfgaar FlashMQ up to 1.26.0. This affects the function set_retained_message_defer_timeout. Performing a manipulation results in divide by zero. This vulnerability was named CVE-2026-42209. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in ray-project ray up to 2.54.x. The impacted element is the function cloudpickle.loads. Such manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2026-41486. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.