Aggregator

A vulnerability was found in Nodemailer smtp_server up to 3.18.2 and classified as problematic. This impacts the function SMTPStream._write in the library lib/smtp-stream.js. Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2026-38728. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Oinone Pamirs 7.0.0 and classified as problematic. This affects an unknown function of the component XML Parser. Performing a manipulation results in xml external entity reference. This vulnerability is known as CVE-2026-39053. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, was found in Silabs Simplicity SDK. The impacted element is an unknown function. Such manipulation leads to insufficient entropy. This vulnerability is traded as CVE-2025-14972. The attack can be executed directly on the physical device. There is no exploit available.

A vulnerability, which was classified as critical, has been found in TONYC Imager up to 1.030 on Perl. The affected element is the function Imager::File::GIF of the file imgif.c. This manipulation causes out-of-bounds write. This vulnerability appears as CVE-2026-8669. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in vim up to 9.2.0478. Impacted is the function Vimuntar of the file runtime/autoload/tar.vim of the component Archive File Handler. The manipulation results in os command injection. This vulnerability is reported as CVE-2026-46483. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Oinone Pamirs 7.0.0. This issue affects the function CommandHelper.executeCommands. The manipulation leads to command injection. This vulnerability is documented as CVE-2026-39054. The attack requires being on the local network. There is not any exploit available.

A vulnerability described as critical has been identified in Oinone Pamirs up to 7.0.0. This vulnerability affects the function ScriptRunner.run. Executing a manipulation can lead to improper access controls. This vulnerability is registered as CVE-2026-39052. The attack requires access to the local network. No exploit is available.

我说，看来蒲华辅是彻底叛变了，敌人要是把他放出来活动，那是十分危险的。

A vulnerability marked as problematic has been reported in websockets ws up to 8.20.0. This affects the function websocket.close. Performing a manipulation of the argument Reason results in uninitialized resource. This vulnerability is cataloged as CVE-2026-45736. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in vorbis-tools 1.4.3. Affected by this issue is the function remotethread of the file remote.c of the component ogg123. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-34253. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in Linux Kernel up to 7.0.7. Affected by this vulnerability is the function get_dumpable of the component ptrace. This manipulation causes privilege escalation. This vulnerability is tracked as CVE-2026-46333. The attack is only possible within the local network. No exploit exists.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. [...]

如果一切顺利行，Solar wind Magnetosphere Ionosphere Link Explorer(SMILE)探测器将于 5 月 19 日从法属圭亚那的欧洲航天发射场发射升空。它将采用一种新技术绘制地球磁场图。地球磁场通过偏转大部分太阳带电粒子流，使地球适宜居住。太阳风的激增会干扰卫星、无线电通信，甚至电网。SMILE 是中欧合作项目，有望增进对相关物理机制的理解，提高对太阳风暴的预测能力。很多探测器都探测过地磁层，但它们只能从磁层内部进行观测，观测范围限于每颗卫星所在的位置。SMILE 将发射到一个高椭圆轨道，位于北极上方最远 12.1 万公里处。从这里 SMILE 的核心仪器——一台软 X 射线成像仪——将监测整个面向太阳的磁层边缘。当太阳风中的带电粒子从地球高层大气中的中性原子捕获电子时，电子在跃迁到较低能级时会发射 X 射线。通过绘制太阳风与磁层交界处狭窄边界的辐射图，SMILE 将能近乎实时追踪地球磁场的响应。SMILE 的紫外成像仪则将观测极光——自然界最壮观的景象之一。

Gunra ransomware has quickly grown from a new threat into a serious global problem, hitting dozens of organizations in less than a year. The group behind it is not just encrypting data, but also running a business-like operation that sells access, leaks stolen files, and recruits partners to spread its malware. For defenders, this is […]

The post Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker appeared first on Cyber Security News.

148 тысяч установок под видом CRM для бизнеса.

A chain of four critical vulnerabilities discovered in OpenClaw, one of the fastest-growing open-source platforms for autonomous AI agents, has left an estimated 245,000 publicly accessible server instances exposed to remote exploitation, credential theft, and persistent backdoor installation. Originally launched as “Clawdbot” in late 2025, OpenClaw connects large language models directly to filesystems, SaaS applications, […]

The post OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack appeared first on Cyber Security News.

A vulnerability classified as critical has been found in Oracle PeopleSoft 9.2. The impacted element is an unknown function of the component HCM ePerformance. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2017-3315. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Oracle Primavera P6 Enterprise Project Portfolio Management up to 16.2. The impacted element is an unknown function of the component Web Access. Executing a manipulation can lead to improper access controls. The identification of this vulnerability is CVE-2017-3324. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Oracle VM VirtualBox up to 5.0.31/5.1.13. Affected is an unknown function of the component GUI. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2017-3316. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should upgrade the affected component.