Aggregator

韩国总统府青瓦台22日就有关部分中国地图软件显示韩国主要敏感设施位置的报道表示，国土交通部计划立即通过韩国境内合作方，要求相关地图应用删除韩国敏感设施名称等信息。韩国一家媒体当天报道称，在中国当地广泛

A vulnerability, which was classified as critical, has been found in H3C Magic B0 up to 100R002. This affects the function Edit_BasicSSID_5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. This vulnerability was named CVE-2026-9393. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in SIPp up to 3.6. The impacted element is an unknown function of the file sipp.cpp of the component Command-Line Argument Handler. Such manipulation of the argument 3pcc/i/log_file leads to buffer overflow. This vulnerability is uniquely identified as CVE-2018-25356. Local access is required to approach this attack. Moreover, an exploit is present.

A vulnerability classified as critical has been found in Audiograbber 1.83. The affected element is an unknown function. This manipulation causes buffer overflow. This vulnerability is handled as CVE-2018-25355. It is possible to launch the attack on the local host. Additionally, an exploit exists.

A vulnerability described as problematic has been identified in Jomres 9.11.2 on Joomla. Impacted is an unknown function of the file /account/index. The manipulation results in cross-site request forgery. This vulnerability is known as CVE-2018-25354. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in 10-Strike Network Scanner 3.0. This issue affects some unknown processing. The manipulation of the argument host name leads to buffer overflow. This vulnerability is traded as CVE-2018-25345. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in 10-Strike Network Inventory Explorer 8.54. This vulnerability affects unknown code of the component Registration Handler. Executing a manipulation of the argument registration key can lead to stack-based buffer overflow. This vulnerability appears as CVE-2018-25344. The attack requires local access. In addition, an exploit is available.

A vulnerability identified as critical has been detected in prefecthq prefect up to 3.6.18. This affects the function shlex.split of the file src/integrations/prefect-github/prefect_github/repository.py. Performing a manipulation of the argument reference results in argument injection. This vulnerability is reported as CVE-2026-3515. The attack is possible to be carried out remotely. No exploit exists.

比特币曾被普遍认为是无法被黑客攻破的。但随着科技公司将研发实用量子计算机的时间表大幅提前至最早2030年，数字资产公司也在加快为“后量子”时代做准备。这一威胁已经从理论层面变成了真实可信的风险。谷歌研

Positive Technologies включила четыре уязвимости в майский дайджест трендовых угроз.

A vulnerability was found in Trend Micro Apex One Security Agent and classified as critical. The impacted element is an unknown function of the component TmSelfProtect. Such manipulation leads to origin validation error. This vulnerability is traded as CVE-2025-71217. An attack has to be approached locally. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Concrete CMS up to 9.5.0. This impacts the function do_update of the file /dashboard/extend/update/do_update/. This manipulation causes cross-site request forgery. This vulnerability is tracked as CVE-2026-8417. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in Concrete CMS up to 9.5.0. Affected by this vulnerability is the function install_package of the file concrete/controllers/single_page/dashboard/extend/install.php of the component Installation Handler. Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-8421. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Concrete CMS up to 9.5.0 and classified as problematic. This affects the function Download of the file /dashboard/extend/install/download/. The manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2026-8140. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Concrete CMS up to 9.5.0 and classified as problematic. This vulnerability affects unknown code. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-8197. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in Concrete CMS up to 9.5.0. Affected is an unknown function of the file /dashboard/extend/update/prepare_remote_upgrade/. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2026-8426. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Concrete CMS up to 9.5.0. The impacted element is an unknown function of the file /dashboard/reports/forms/legacy of the component URL Handler. Such manipulation leads to improper neutralization of script in attributes in a web page. This vulnerability is listed as CVE-2026-8245. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as critical has been reported in 9front. This affects an unknown function of the component HTML File Handler. This manipulation causes unrestricted upload. This vulnerability is handled as CVE-2026-9053. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability identified as critical has been detected in Uncrustify. The impacted element is the function check_template function/tokenize_cleanup of the file check_template.cpp. Performing a manipulation results in buffer overflow. This vulnerability is identified as CVE-2026-36189. The attack is only possible with local access. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in TCHATZI Authen::TOTP up to 0.1.0 on Perl. It has been rated as problematic. This vulnerability affects the function rand. This manipulation causes insufficient entropy. This vulnerability is handled as CVE-2026-46473. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.