Aggregator

A vulnerability categorized as problematic has been discovered in NetDrive 2.6.12. This affects an unknown function of the component Netdrive2_Service_Netdrive2 Service. Such manipulation leads to unquoted search path. This vulnerability is referenced as CVE-2016-20092. The attack can only be performed from a local environment. Furthermore, an exploit is available.

A vulnerability was found in Iperiusremote Iperius Remote 1.7.0. It has been rated as problematic. The impacted element is an unknown function of the component Installation Handler. This manipulation causes unquoted search path. The identification of this vulnerability is CVE-2016-20089. The attack can only be executed locally. Furthermore, there is an exploit available.

A vulnerability was found in Networkdls Fortitude HTTP 1.0.4.0. It has been declared as problematic. The affected element is an unknown function. The manipulation results in unquoted search path. This vulnerability was named CVE-2016-20087. The attack needs to be approached locally. In addition, an exploit is available.

A vulnerability was found in NI grpc-device and InstrumentStudio up to 2.17.0. It has been classified as problematic. Impacted is an unknown function of the component Data Moniker Service. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2026-48139. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Vembu StoreGrid 4.0 and classified as problematic. This issue affects some unknown processing of the component RemoteBackup_webServer Service. Executing a manipulation can lead to unquoted search path. This vulnerability is handled as CVE-2016-20086. It is possible to launch the attack on the local host. Additionally, an exploit exists.

A vulnerability has been found in NI grpc-device and InstrumentStudio up to 2.17.0 and classified as problematic. This vulnerability affects unknown code of the component Message Handler. Performing a manipulation results in incorrect type conversion. This vulnerability is known as CVE-2026-48140. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in Flexera FlexNet Manager Suite 2025 R1. This affects an unknown part of the component Setting Handler. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-4026. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in NI grpc-device and InstrumentStudio. Affected by this issue is some unknown functionality of the component Streaming API. This manipulation causes out-of-bounds read. This vulnerability appears as CVE-2026-48138. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in Apache APISIX up to 3.16.0. Affected by this vulnerability is an unknown functionality of the component Upstream Service. The manipulation results in authentication bypass by spoofing. This vulnerability is reported as CVE-2026-49231. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Apache APISIX up to 3.16.0. Affected is an unknown function. The manipulation leads to improper validation of integrity check value. This vulnerability is documented as CVE-2026-49230. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.18.35/7.0.12. This impacts the function vti6_init_net of the component ip6_vti. Executing a manipulation can lead to improper initialization. This vulnerability is registered as CVE-2026-52909. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 7.0.12. This affects the function sk_reuseport_prog_free of the file net/core/sock_reuseport.c of the component bpf. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-52910. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.142/6.12.93/6.18.35/7.0.12. The impacted element is the function ib_umem_check_rereg of the component RDMA. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2026-52908. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in pontedilana php-weasyprint up to 2.5.x. The affected element is the function removeTemporaryFiles. This manipulation of the argument temporaryFiles causes file inclusion. This vulnerability is tracked as CVE-2026-49358. The attack is restricted to local execution. No exploit exists. You should upgrade the affected component.

加州亿万富翁税提案获得足够签名达到在 11 月公投的资格。亿万富翁税（California Billionaire Tax Act）将对任何身价逾 10 亿美元的加州居民一次性征收 5% 的税，该税将用于医保和教育等项目。加州是全美亿万富翁人数最多的州，总数超过 200 人，很多人在 AI 热下积累了巨额财富。该税遭到了加州亿万富翁们的强烈反对，Google 联合创始人 Sergey Brin 一人至少投入了 8200 万美元反对该税，并搬到了靠近加州的内华达州居住。Palantir 联合创始人 Peter Thiel、Google 前 CEO Eric Sc​​hmidt、加密货币亿万富翁 Chris Larsen 以及DoorDash CEO Tony Xu 等也捐出了数百万美元反对该税。英伟达 CEO 黄仁勋则对该税没有异议，称会继续居住在加州。尽管提案已获得足够的签名，但相关组织必须在 6 月 25 日之前决定是否继续推进，或者与州政府达成协议。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

CISA has added a critical LiteSpeed cPanel Plugin vulnerability, tracked as CVE-2026-54420, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw affects shared hosting environments and poses a significant risk to servers running CloudLinux with CageFS isolation. The vulnerability is classified as a UNIX symbolic link (symlink) […]

The post CISA Adds LiteSpeed cPanel Plugin Vulnerability to KEV List Following Active Exploitation appeared first on Cyber Security News.

很多人可能没有意识到，自己手里的手机、家里的电视盒子，都有可能在后台悄悄被接入商业住宅代理网络，替第三方转发网

Critical security flaws discovered in widely used Chrome extensions SiderAI and MaxAI are putting millions of users at risk, enabling attackers to fully compromise browser sessions and potentially access sensitive data across websites and local systems. Security researchers at Rebora Security uncovered vulnerabilities dubbed “Spyder” and “MaXSS” affecting AI-powered “agentic side panel” extensions. These tools, […]

The post Chrome Extensions’ Critical Flaws Let Attackers Easily Compromise Millions of Browsers appeared first on Cyber Security News.