Aggregator

A vulnerability marked as critical has been reported in langflow-ai langflow up to 1.7.0. Affected is the function download_profile_picture of the file /profile_pictures/ of the component Parameter Handler. The manipulation of the argument file_name leads to path traversal. This vulnerability is traded as CVE-2026-33497. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in DiceBear up to 9.4.1. Affected by this vulnerability is the function ensureSize of the component SVG Handler. The manipulation of the argument width/height results in incorrect regular expression. This vulnerability is known as CVE-2026-33418. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in DiceBear up to 5.4.3/6.1.3/7.1.3/8.0.2/9.4.0. Affected by this issue is the function createAvatar. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-33311. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in F5 NGINX Open Source and NGINX Plus. Affected is the function ngx_mail_auth_http_module of the component Response Header Handler. Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2026-27651. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in F5 NGINX Open Source. This affects the function ngx_http_mp4_module. This manipulation causes integer overflow. This vulnerability appears as CVE-2026-27784. The attack requires local access. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in FreeIPMI up to 1.16.16. Impacted is an unknown function. Executing a manipulation can lead to buffer overflow. This vulnerability is handled as CVE-2026-33554. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability has been found in go-vikunja vikunja up to 2.1.x and classified as problematic. This affects an unknown function of the component Task ID Handler. This manipulation causes authorization bypass. The identification of this vulnerability is CVE-2026-33313. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in LibTIFF and classified as critical. This impacts the function putcontig8bitYCbCr44tile of the component TIFF File Parser. Such manipulation leads to integer overflow. This vulnerability is referenced as CVE-2026-4775. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in go-vikunja vikunja up to 2.1.x. It has been classified as critical. Affected is an unknown function of the component Caldav Endpoint. Performing a manipulation results in authentication bypass using alternate channel. This vulnerability is identified as CVE-2026-33315. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in go-vikunja vikunja up to 2.1.x. It has been declared as critical. Affected by this vulnerability is the function ResetPassword of the file /api/v1/user/password/token of the component Password Reset Handler. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2026-33316. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

Apple is alerting users of outdated iPhones and iPads via lock screen warnings about active web-based exploits, urging immediate software updates. Apple is sending lock screen alerts to users running outdated iOS and iPadOS versions, warning of active web-based attacks targeting their devices. The notifications urge users to install critical updates to stay protected, highlighting […]

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读整篇文章，抓住主要信息。 文章讲的是苹果公司向使用旧版iOS和iPadOS的用户发送锁屏警告，提醒他们存在基于网络的攻击。这些攻击利用了未修补的漏洞，可能窃取敏感数据。苹果建议用户立即更新软件，并提到一些具体的漏洞套件，比如Coruna和DarkSword。 接下来，我需要将这些信息浓缩到100字以内。要确保涵盖苹果发出警告、针对旧设备、存在网络攻击、建议更新软件以及提到的漏洞套件名称。 可能会这样组织句子：苹果向旧设备用户发送锁屏警告，提醒存在基于网络的攻击和漏洞套件Coruna及DarkSword的风险，建议立即更新软件以保护数据安全。 检查一下字数，确保不超过限制，并且信息准确无误。 Apple向使用旧版iOS和iPadOS的用户发送锁屏警告，提醒存在基于网络的攻击和漏洞套件Coruna及DarkSword的风险，建议立即更新软件以保护数据安全。

关注本号，每天洞见真实情报世界。2025 年 5 月 10 日，印度空军完成了它有史以来最深入的对巴空袭。

A vulnerability was found in Endonesia eNdonesia Portal 8.7 and classified as critical. This affects an unknown part of the file banners.php. Such manipulation of the argument bid leads to sql injection. This vulnerability is documented as CVE-2019-25643. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Matri4Web Matrimony Website Script M-Plus. It has been classified as critical. This vulnerability affects unknown code of the file simplesearch_results.php of the component POST Parameter Handler. Performing a manipulation of the argument txtGender/religion/Fage/cboCountry results in sql injection. This vulnerability is reported as CVE-2019-25639. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Meeplace Business Review Script. It has been declared as critical. This issue affects some unknown processing of the file addclick.php. Executing a manipulation of the argument ID can lead to sql injection. This vulnerability appears as CVE-2019-25638. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Bootstrapy CMS. It has been rated as critical. Impacted is an unknown function of the file forum-thread.php of the component Parameter Handler. The manipulation of the argument thread_id leads to sql injection. This vulnerability is traded as CVE-2019-25642. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in Netartmedia Vlog System. The affected element is the function forgotten_password of the file index.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. This vulnerability is known as CVE-2019-25641. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in Zeeways Jobsite CMS. This affects an unknown function of the file news_details.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2019-25636. The attack can be launched remotely. Moreover, an exploit is present.