Aggregator

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. This vulnerability is tracked as CVE-2026-5156. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-5155. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-5154. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The identification of this vulnerability is CVE-2026-5153. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. This vulnerability was named CVE-2026-5152. The attack may be initiated remotely. In addition, an exploit is available.

目前通过我们人脑进行设计越狱提示词是存在瓶颈以及空档期，为了更好更全面的实现大模型越狱测试，用AI生成Prompt来实现大模型越狱是个更好的方向

本文将结合关键代码，对 OpenClaw 低于 2026.2.14 版本中 Feishu 扩展存在的服务端请求伪造（SSRF）漏洞成因与官方修复方案进行简要分析，为相关开发者及安全从业人员提供参考。

A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’

先知社区2025年度&月度榜单

阿里集团安全部招聘安全攻防工程师

A vulnerability labeled as critical has been found in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such manipulation of the argument cos_id leads to sql injection. This vulnerability is uniquely identified as CVE-2026-5150. The attack can be launched remotely. Moreover, an exploit is present.

本文收集了软件安全赛2026线上初赛全部题的wp

Diligent launched of Third-Party Risk Intel, an agentic due diligence and intelligence solution that automates the most time-consuming steps of third-party reviews, delivering up to 80% time savings for compliance, legal, and procurement teams. The launch builds on the company’s recent acquisition of 3rdRisk, an AI-native third-party risk management solution that gives organizations a near real-time view of their external ecosystem, how critical vendors are performing, and what that means for their overall risk posture. … More →

The post Diligent automates time-consuming steps in third-party reviews appeared first on Help Net Security.

A vulnerability identified as critical has been detected in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. This vulnerability is handled as CVE-2026-5148. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. This vulnerability is known as CVE-2026-5147. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Cybersecurity strategy now shapes how enterprises design cloud platforms, application environments, and core infrastructure. The financial stakes are significant. The next step is architectural: turning zero-trust strategy into foundational systems that enforce it by design rather than as an afterthought. In private cloud environments, that shift matters. Segmentation – macro as well as micro –..

The post vDefend’s Built-in Advantage: Enable Closed-Loop Lateral Security for Zero-Trust Private Cloud appeared first on Security Boulevard.

报名开启｜2026阿里白帽大会议程发布

A vulnerability was found in NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Set Username Interface. The manipulation of the argument Username leads to out-of-bounds write. This vulnerability is traded as CVE-2018-25235. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability was found in WatchGuard Fireware OS up to 11.12.4+541730/12.5.17/12.11.8/2026.1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component WebUI. Executing a manipulation can lead to cross-site request forgery. This vulnerability appears as CVE-2026-4315. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in hdd Device Monitoring Studio 8.10.00.8925. It has been classified as critical. Affected is an unknown function of the component Tools Menu. Performing a manipulation results in fabric-address map allows programming of unwarranted overlaps of protected and unprotected ranges. This vulnerability is reported as CVE-2019-25655. The attack requires a local approach. Moreover, an exploit is present.