Aggregator
When AI "works" for you, who is opening the door for hackers?
1 month ago
An AI Agent ecosystem security health-check report from the 360 Vulnerability Research Institute (360漏洞研究院)
Firefox 151 Released
1 month ago
Mozilla has released Firefox 151. Major new features include: updated built-in VPN support, improved private browsing, support in the Firefox PDF viewer for merging multiple PDF files directly, cross-platform restore of local profile backups on Linux and macOS, a Document Picture-in-Picture API that offers more functionality than the current video Picture-in-Picture API, and more. The native JPEG-XL image decoder has been postponed to the next release.
The Gentlemen's bookkeeping. How much digital extortionists really earn and what commission they charge for their work
1 month ago
Internal chats showed how the economics of extortion is organized, without gloss or pathos.
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
1 month ago
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance.
"These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,"
The Hacker News
Grafana Labs Confirms Hackers Stole Source Code
1 month ago
Open source tool maker Grafana says hackers stole codebase via GitHub breach
CVE-2026-42596 | gotenberg 8.1.0/8.31.0 downloadFrom/webhook server-side request forgery
1 month ago
A vulnerability has been found in gotenberg 8.1.0/8.31.0 and classified as critical. Affected is the function downloadFrom/webhook. Performing a manipulation results in server-side request forgery.
This vulnerability was named CVE-2026-42596. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-22707 | Strapi Upload Plugin prior 5.33.3 Content API unrestricted upload (WID-SEC-2026-1552)
1 month ago
A vulnerability marked as critical has been reported in Strapi Upload Plugin. Impacted is an unknown function of the component Content API. Performing a manipulation results in unrestricted upload.
This vulnerability is known as CVE-2026-22707. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-44501 | datahub-project datahub up to 1.5.0.3 OIDC Call REDIRECT_URL deserialization (GHSA-rjf9-p49v-42c4)
1 month ago
A vulnerability identified as problematic has been detected in datahub-project datahub up to 1.5.0.3. This issue affects some unknown processing of the component OIDC Call Handler. Performing a manipulation of the argument REDIRECT_URL results in deserialization.
This vulnerability is cataloged as CVE-2026-44501. It is possible to initiate the attack remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-27886 | Strapi up to 5.36.x path traversal (GHSA-rjg2-95x7-8qmx / WID-SEC-2026-1552)
1 month ago
A vulnerability, which was classified as critical, has been found in Strapi up to 5.36.x. This affects an unknown part. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2026-27886. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-22599 | Strapi up to 4.26.0/5.33.1 Database Utility db.connection.raw sql injection (GHSA-3xcq-8mjw-h6mx / WID-SEC-2026-1552)
1 month ago
A vulnerability has been found in Strapi up to 4.26.0/5.33.1 and classified as critical. This issue affects the function db.connection.raw of the component Database Utility. This manipulation causes SQL injection.
This vulnerability is handled as CVE-2026-22599. The attack can be initiated remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-23998 | fleetdm fleet up to 4.80.x Windows MDM Management Endpoint certificate validation (GHSA-2rc4-7jc6-qffh / WID-SEC-2026-1553)
1 month ago
A vulnerability was found in fleetdm fleet up to 4.80.x. It has been classified as problematic. The affected element is an unknown function of the component Windows MDM Management Endpoint. Performing a manipulation results in improper certificate validation.
This vulnerability was named CVE-2026-23998. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-22706 | Strapi up to 5.33.2 session expiration (GHSA-hvp3-26wx-g2w4 / WID-SEC-2026-1552)
1 month ago
A vulnerability was found in Strapi up to 5.33.2. It has been declared as problematic. The impacted element is an unknown function. Executing a manipulation can lead to session expiration.
The identification of this vulnerability is CVE-2026-22706. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-41615 | Microsoft Authenticator prior 6.2605.2973 on Android/iOS information disclosure (WID-SEC-2026-1537)
1 month ago
A vulnerability has been found in Microsoft Authenticator on Android/iOS and classified as problematic. This impacts an unknown function. Performing a manipulation results in information disclosure.
This vulnerability was named CVE-2026-41615. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-44283 | etcd-io etcd up to 3.4.43/3.5.29/3.6.10 Attachments authorization (EUVD-2026-30345)
1 month ago
A vulnerability described as problematic has been identified in etcd-io etcd up to 3.4.43/3.5.29/3.6.10. The impacted element is an unknown function of the component Attachments Handler. The manipulation results in incorrect authorization.
This vulnerability is reported as CVE-2026-44283. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-64526 | Strapi up to 5.44.x /auth/local excessive authentication (GHSA-7mqx-wwh4-f9fw / EUVD-2025-209860)
1 month ago
A vulnerability identified as problematic has been detected in Strapi up to 5.44.x. Affected is an unknown function of the file /auth/local. This manipulation causes improper restriction of excessive authentication attempts.
This vulnerability is tracked as CVE-2025-64526. The attack can be carried out remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
VDEX Format Package
1 month ago
We are happy to announce support for the Android ART VDEX format. The new VDEX Format package l
It is enough to say the "code word". Hackers from BlackFile have proven that the main weak spot in security is still the human
1 month ago
One polite conversation usually turns out to be far more dangerous than a sophisticated piece of malware.
Open Source Security IT Platform: Threat Detection, Logging, Alerts, AI and SSO integration.
1 month ago
A real-world implementation with Wazuh, Graylog, MongoDB, Grafana, Nginx, OAuth2-Proxy, Redis, AI an
Why InfoSec Needs A Seat at the CX Table
1 month ago
And Vice Versa. In 202