Aggregator

Submit #807541 / VDB-360905

Submit #807539 / VDB-360904

Мессенджер не отличал .docx от .exe. И вот чем это обернулось…

Submit #807538 / VDB-360903

A vulnerability identified as critical has been detected in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. This vulnerability is handled as CVE-2026-7727. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

威胁情报生态系统的产出与共享 by ourren

Gemini Enterprise Agent Platform — Govern 深度技术解析 by ourren

nginxpulse: 轻量级 Nginx 访问日志分析与可视化面板 by ourren

本体：大模型的语义操作系统 by ourren

人工智能的软件基础（复旦大学2026年春季学期） by ourren

SoftwareCopyright-Skill: 中国软件著作权申请材料Skills by ourren

更多最新文章，请访问SecWiki

Submit #803268 / VDB-360902

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.3.12/6.4.3. This affects the function ufshcd_queuecommand of the file drivers/ufs/core/ufshcd.c. Performing a manipulation results in double free. This vulnerability is cataloged as CVE-2023-53510. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.2.15/6.3.2. Impacted is the function amdgpu_cs_submit. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-53228. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Open CASCADE Technology OCCT 8.0.0.rc5. It has been classified as problematic. This impacts the function Geom2d_BSplineCurve::EvalD0. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-42481. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Linux Kernel up to 6.6.135/6.12.82/6.18.23/6.19.13/7.0.0. It has been rated as critical. This issue affects the function vidtv_ts_null_write_into of the component media. The manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-43058. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. This vulnerability is traded as CVE-2026-7598. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability, which was classified as problematic, has been found in Open CASCADE Technology OCCT 8.0.0.rc5. Impacted is the function VrmlData_IndexedFaceSet of the file libTKDEVRML.so of the component VRML File Handler. This manipulation causes denial of service. The identification of this vulnerability is CVE-2026-42478. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Open CASCADE Technology OCCT 8.0.0.rc5. It has been declared as problematic. Affected is the function Standard_ReadLineBuffer::ReadLine of the component OBJ File Parser. The manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-42477. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Open CASCADE Technology OCCT 8.0.0.rc5. This issue affects the function Standard_ReadLineBuffer::ReadLine. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2026-42476. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability was found in Open CASCADE Technology OCCT 8.0.0.rc5. It has been rated as problematic. Affected by this vulnerability is the function VrmlData_IndexedLineSet of the component VRML Parser. This manipulation of the argument coordIndex causes out-of-bounds read. This vulnerability is registered as CVE-2026-42479. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as problematic has been discovered in Open CASCADE Technology OCCT 8.0.0.rc5. Affected by this issue is the function VrmlData_Scene of the component VRML Parser. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-42480. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Wireshark up to 4.6.4. The impacted element is an unknown function of the component IEEE 802.11 Protocol Dissector. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-6525. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet  73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations   An alarm clock you can’t ignore: How CapFix attacks […]

微软的编辑器 VS Code 被发现默认在 commit 中插入了 Co-Authored-by Copilot，不管用户有没有使用其 AI 助手 Copilot。此事再次在用户中引发了大量批评。微软开发者回应称他们将会在下个版本中解决默认启用的问题，称如果用户没有使用 AI 助手那么就不应该说代码是 Copilot 合作编写的。