Aggregator

Представители индустрии рискуют оказаться запертыми в тесном цифровом контуре.

A vulnerability was found in Huawei HarmonyOS 6.1.0. It has been classified as critical. This affects an unknown function of the component Package Management Module. Performing a manipulation results in improper access controls. This vulnerability is known as CVE-2026-41984. Attacking locally is a requirement. No exploit is available.

A vulnerability was found in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0 and classified as critical. The impacted element is an unknown function of the component IPC Module. Such manipulation leads to use after free. This vulnerability is traded as CVE-2026-41982. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0 and classified as critical. The affected element is an unknown function of the component IPC Module. This manipulation causes heap-based buffer overflow. This vulnerability appears as CVE-2026-41981. The attack requires local access. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Huawei HarmonyOS and EMUI 4.0.0/4.2.0/4.3.0/4.3.1. Impacted is an unknown function of the component Log Service. The manipulation results in integer overflow. This vulnerability is reported as CVE-2026-41977. The attack requires a local approach. No exploit exists.

A vulnerability, which was classified as critical, has been found in Huawei HarmonyOS and EMUI. This issue affects some unknown processing. The manipulation leads to permission issues. This vulnerability is documented as CVE-2026-41976. The attack needs to be performed locally. There is not any exploit available.

A vulnerability classified as critical was found in Huawei HarmonyOS and EMUI. This vulnerability affects unknown code of the component Notifications Handler. Executing a manipulation can lead to improper access controls. This vulnerability is registered as CVE-2026-41974. The attack needs to be launched locally. No exploit is available.

A vulnerability classified as problematic has been found in Huawei HarmonyOS and EMUI. This affects an unknown part. Performing a manipulation results in business logic errors. This vulnerability is cataloged as CVE-2026-41973. The attack must be initiated from a local position. There is no exploit available.

A vulnerability described as critical has been identified in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0. Affected by this issue is some unknown functionality. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-41972. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as problematic has been reported in Huawei HarmonyOS 6.0.0/6.1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes improper resource management. This vulnerability is tracked as CVE-2026-41983. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in QNAP QTS and QuTS hero. Affected is an unknown function. The manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-62858. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

Check Point 警告称，一个影响 Remote Access VPN 和 Mobile Access 部署的严重漏洞正遭到活跃利用，这些部署配置使用了已弃用的 IKEv1 密钥交换协议。 该漏洞编号为 CVE-2026-50751（CVSS 评分：9.3），是证书验证中的逻辑流缺陷，允许未经身份验证的远程攻击者绕过用户身份验证，在无需有效用户密码的情况下建立远程访问 VPN 连接...

美国网络安全和基础设施安全局（CISA）周一将影响 BerriAI LiteLLM 的一个高危漏洞添加到其已知被利用漏洞（KEV）目录中，并引用了活跃利用的证据。 该漏洞编号为 CVE-2026-42271（CVSS 评分：8.7），是一个命令注入漏洞，可能允许任何经过身份验证的用户在主机上执行任意命令。 它影响以下版本的 LiteLLM Python 包： = 1.74.2 < ...

Вместо аккуратной физики ему дали хаос. Так робот научился играть в аэрохоккей в реальном мире.

Сегодня наряду с атаками, связанными с эксплуатацией уязвимостей, все чаще встречаются сценарии, в которых злоумышленники используют штатные возможности API для получения доступа к данным, создания избыточной нагрузки или извлечения коммерческой выгоды из чужих данных.

A vulnerability identified as problematic has been detected in QNAP QTS and QuTS hero. This impacts an unknown function. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-41539. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as very critical has been discovered in zephyrproject-rtos Zephyr up to 4.3.0. This affects the function strlen of the component WebSocket Upgrade Handler. Executing a manipulation can lead to improper null termination. The identification of this vulnerability is CVE-2026-5067. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in degit up to 2.8.5/3.3.0. It has been rated as critical. The impacted element is the function exec. Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-11572. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Custom Block Builder Plugin up to 4.2.x on WordPress. It has been declared as problematic. The affected element is an unknown function of the component Installation Handler. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-8981. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in WPForms Plugin 1.9.1.6/1.9.2.3/1.10.0.1 on WordPress. It has been classified as critical. Impacted is an unknown function of the component Transaction Handler. This manipulation causes missing authorization. This vulnerability is handled as CVE-2026-4986. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.