Aggregator

Currently trending CVE - Hype Score: 1 - Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519.

Currently trending CVE - Hype Score: 12 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have ...

Honeywellが提供するIQ4x BMS Controllerには、重要な機能に対する認証の欠如の脆弱性が存在します。

Запускать новые станции стали на годы быстрее.

A vulnerability labeled as critical has been found in NLTK up to 3.9.3. This affects an unknown part. Executing a manipulation can lead to path traversal. This vulnerability is tracked as CVE-2026-33236. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in kelvinmo simplejwt up to 1.1.0. It has been classified as problematic. Affected by this vulnerability is the function JWE::decrypt. This manipulation causes resource consumption. This vulnerability is handled as CVE-2026-33204. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in NLTK up to 3.9.3. It has been declared as critical. Affected by this issue is the function nltk.app.wordnet_app. Such manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-33231. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability was found in Ruby json up to 2.19.1. It has been rated as critical. This affects the function allow_duplicate_key. Performing a manipulation results in format string. This vulnerability was named CVE-2026-33210. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic was found in SiYuan up to 3.6.1. Affected by this issue is some unknown functionality of the component Incoming Message Handler. The manipulation of the argument auth keepalive results in uncaught exception. This vulnerability is cataloged as CVE-2026-33203. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in NLTK up to 3.9.3. This affects the function nltk.app.wordnet_app. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-33230. Remote exploitation of the attack is possible. No exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability identified as critical has been detected in budibase up to 3.30.6. Affected is an unknown function of the file /api/queries/preview. Performing a manipulation results in server-side request forgery. This vulnerability was named CVE-2026-33226. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability labeled as problematic has been found in Nhost up to 0.11.x. Affected by this vulnerability is an unknown functionality of the component Storage Service. Executing a manipulation can lead to insufficient verification of data authenticity. The identification of this vulnerability is CVE-2026-33221. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in WebReflection flatted up to 3.4.1. Affected is the function parse of the component JSON Parser. The manipulation results in improperly controlled modification of object prototype attributes. This vulnerability is identified as CVE-2026-33228. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in avo-hq avo up to 3.30.2. It has been classified as problematic. This issue affects some unknown processing. The manipulation of the argument return_to leads to cross site scripting. This vulnerability is documented as CVE-2026-33209. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in barebox up to 2025.09.2/2026.03.0. It has been declared as critical. Impacted is an unknown function. The manipulation results in insufficient verification of data authenticity. This vulnerability is reported as CVE-2026-33243. The attack requires a local approach. No exploit exists. It is recommended to upgrade the affected component.

Владельцам систем остаётся только наблюдать за чужим сценарием.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先，我需要仔细阅读文章内容。文章主要讲的是Backdoor这个后门程序，它在内核级别运行，使用BPF被动检查流量，并在特定的数据包触发时启动。这样做的好处是不需要暴露端口或典型的C2指示器。 接下来，文章提到这种技术允许长期的持续性和隐蔽访问核心网络基础设施，而且从标准监控中很难发现。这说明它的隐蔽性和持久性很强。 然后，文章指出这是一个网络层后门设计的有趣案例，而不是传统的用户空间植入。这意味着它不同于常见的后门技术，可能更难以检测和防御。 现在，我需要将这些信息浓缩到一百个字以内。要确保涵盖主要点：内核级后门、BPF技术、被动检查流量、特定数据包触发、避免暴露端口和C2指标、长期持续性、隐蔽访问、标准监控难发现、网络层设计而非用户空间。 可能的结构是先说明Backdoor的工作机制和优势，然后提到其效果和独特性。例如：“Backdoor是一种内核级后门，利用BPF被动检查流量并在特定数据包触发时启动。它避免了暴露端口或典型C2指标，允许长期持续性和隐蔽访问核心网络基础设施，并且难以被标准监控发现。” 这样大约在100字左右。 检查一下是否遗漏了关键点：内核级、BPF、被动检查、特定数据包触发、避免暴露端口和C2指标、长期持续性、隐蔽访问、标准监控难发现、网络层设计而非用户空间。看起来都涵盖了。 最后，确保语言简洁明了，没有使用复杂的术语，让读者容易理解。 Backdoor是一种内核级后门技术,利用BPF被动检查网络流量并在特定数据包触发时启动,避免暴露端口或典型C2指标,实现长期持续性和隐蔽访问核心网络基础设施,且难以被标准监控发现。

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，抓住主要信息。 文章讲的是荷兰法院禁止马斯克旗下的xAI公司使用Grok工具生成和传播未经许可的人物裸露图像。去年12月和今年1月，X用户利用Grok创建并发布了未成年人和女性的裸露图像，这违反了公司的使用政策。随后，xAI限制了该功能。欧盟也在草案中禁止AI生成非自愿的图片和视频，可能今年晚些时候成为法律。 接下来，我需要将这些信息浓缩到100字以内。要确保包含主要事件：荷兰法院的裁决、xAI被禁止的行为、事件的时间点、以及欧盟的相关措施。 然后，我要组织语言，使其简洁明了。比如：“荷兰法院禁止马斯克旗下xAI在未经许可的情况下生成和传播人物裸露图像。此前有用户利用其Grok工具制作并发布未成年人和女性的裸露内容，引发抗议后xAI限制该功能。欧盟计划禁止AI生成非自愿图片和视频。” 这样刚好在100字左右，并且涵盖了所有关键点。 最后，检查一下是否有遗漏的重要信息，并确保语句通顺、准确。 荷兰法院禁止马斯克旗下xAI在未经许可的情况下生成和传播人物裸露图像。此前有用户利用其Grok工具制作并发布未成年人和女性的裸露内容，引发抗议后xAI限制该功能。欧盟计划禁止AI生成非自愿图片和视频。

WAGO GmbH & Co. KGが提供する複数の製品には、非公開機能を悪用される問題が存在します。

Opencode Systemsが提供するOC MessagingおよびUSSD Gatewayには、不適切なアクセス制御の脆弱性が存在します。