Aggregator

除了首页时间流和侧栏的精选展位，少数派 Matrix 社区还有很多优秀内容因条件所限无法得到有效曝光，因此我们决定重启 Matrix 周报，并在此基础上添加更多社区内容、作者投稿新玩意呈现给大家。上周

Press enter or click to view image in full sizeIntroductionEvery day, millions of API requests are m

Press enter or click to view image in full sizeIntroductionEvery day, millions of API requests are m

Hey hackers!Hope you’re all doing great and staying curious. Lately, I’ve been spending a lot of tim

The Runtime Security Gap Left UnguardedPress enter or click to view image in full sizeYears of shift

The Runtime Security Gap Left UnguardedPress enter or click to view image in full sizeYears of shift

Press enter or click to view image in full sizePicture this.It is a Tuesday morning. Your team’s CI

Press enter or click to view image in full sizeA short recon story about a delayed HTML injection, a

Press enter or click to view image in full sizeA short recon story about a delayed HTML injection, a

Press enter or click to view image in full sizePhoto by Jefferson Santos on UnsplashModern applicati

How a Low, a Medium, and a High Compose Into a CriticalPress enter or click to view image in full si

火绒为您避坑：微软5月安全更新重要提醒

May 19, 2026This year has been a dichotomy of established secure designfundamentals and burgeoning

A vulnerability was found in Frappe ERPNext up to 15.101.x/16.10.x. It has been declared as problematic. Affected by this issue is some unknown functionality. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-44448. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2. Affected by this issue is some unknown functionality. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2026-6073. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2. This issue affects some unknown processing of the component Analytics Dashboard. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-7377. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Northern.tech CFEngine Enterprise up to 3.21.7/3.24.2/3.26.x. This affects an unknown part. The manipulation results in improper access controls. This vulnerability is reported as CVE-2026-24711. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Northern.tech CFEngine Community and CFEngine Enterprise up to 3.21.7/3.24.2/3.26.x. This vulnerability affects unknown code. This manipulation causes command injection. This vulnerability appears as CVE-2026-24712. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical was found in coleam00 Archon 0.1.0. This affects an unknown function of the component UI Including API. The manipulation results in code injection. This vulnerability was named CVE-2025-69443. The attack may be performed from remote. There is no available exploit.