Submit #824951: GL.iNet GL-MT3000 4.4.5 Command Injection [Accepted]
Submit #824951 / VDB-369067
Aggregator
CVE-2026-47732 | twigphp Twig __toString sandbox
1 week 6 days ago
A vulnerability marked as critical has been reported in twigphp Twig. This issue affects the function __toString. The manipulation leads to sandbox issue.
This vulnerability is referenced as CVE-2026-47732. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-47730 | twigphp Twig Profiler HtmlDumper cross site scripting
1 week 6 days ago
A vulnerability labeled as problematic has been found in twigphp Twig. This vulnerability affects the function HtmlDumper of the component Profiler. Executing a manipulation can lead to cross site scripting.
The identification of this vulnerability is CVE-2026-47730. The attack may be launched remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-10725 | CRUX Protocol::HTTP/2 up to 1.12 on Perl headers_decode HTTP/2 Bomb data amplification (EUVD-2026-34964 / Nessus ID 319610)
1 week 6 days ago
A vulnerability identified as problematic has been detected in CRUX Protocol::HTTP2 up to 1.12 on Perl. This affects the function headers_decode. Performing a manipulation results in highly compressed data.
This vulnerability was named CVE-2026-10725. The attack may be initiated remotely. There is no available exploit.
vuldb.com
Звонит «мама», но это не она. Android теперь сбрасывает звонок мошенников раньше, чем вы успеете сказать «алло»
1 week 6 days ago
Google добавил в Android защиту от звонков с клонированным голосом.
视频模型巨大的「隐形成本」,没人告诉你
1 week 6 days ago
只能是巨头的游戏。
深度解读-基于LLVM的VMP反虚拟化
1 week 6 days ago
基于LLVM的VMP反虚拟化
记录如何追踪native函数动态注册地址
1 week 6 days ago
看雪论坛作者ID:伊苏尔德
看雪·2026 KCTF 防守方规则出炉!全网火热征题进行中(赢大疆运动相机)
1 week 6 days ago
欢迎踊跃参与赢大奖
记录如何追踪native函数动态注册地址
1 week 6 days ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
看雪·2026 KCTF 防守方规则出炉!全网火热征题进行中(赢大疆运动相机)
1 week 6 days ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
Система должна была заблокировать — а он показывал рекламу: троян MagicAd обошел ограничения Android
1 week 6 days ago
Троян MagicAd прятался более чем в 50 играх и программах каталога Xiaomi GetApps
引导程序的最后一行代码
1 week 6 days ago
继Andreessen”软件吞噬世界”之后,AI正反过来吞噬软件:从写代码到搭架构、做编排、修模型,人类不断为其打造技能与自主系统,把自己挤出回路。当工具完善到AI不再需要我们,碳基生命这段”引导程序”或许已写下最后一行代码,届时人类在宇宙中还剩下什么?
Без пароля, без аккаунта, 12000 серверов. Новая уязвимость в SolarWinds позволяет положить сервер одним запросом
1 week 6 days ago
США признали уязвимость SolarWinds активно эксплуатируемой и дали госорганам две недели.
[指南] 修复Codex for Windows版操作电脑和浏览器插件无法工作的问题
1 week 6 days ago
模型供应链风险初探:依赖、演化、质量与风险传播的首次全景扫描
1 week 6 days ago
百万级模型的复杂供应链背后的元数据缺失、依赖关系隐形,正加剧供应链风险的传播。
腾讯旗下 LightVela,提供免费一个月 Hermes,带 Kimi K2.5 模型
1 week 6 days ago
HomeAI AI
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
1 week 6 days ago
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.
The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world,
The Hacker News
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
1 week 6 days ago
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and docume
«Почему мое видео никто не смотрит?» — теперь можно спросить у робота. Meta запустила ИИ-советника для авторов Facebook, и он обещает честно ответить
1 week 6 days ago
Корпорация расширяет экосистему ИИ-инструментов для создателей контента на фоне растущей конкуренции с YouTube, TikTok и Instagram.