Aggregator

俄罗斯黑客组织 “鱼叉”（Gamaredon）持续利用 WinRAR 漏洞，投放多种旨在窃取数据和传播的恶意软件。   据安全公司 Sekoia 称，此次攻击利用了 WinRAR 中的路径遍历漏洞 CVE - 2025 - 8088，将其武器化以启动名为 GammaPhish 的 HTML 应用程序有效载荷，然后该程序会检索一个名为 GammaLoad 的中间 V...

A vulnerability categorized as critical has been discovered in Seagate openSeaChest up to 25.05.3/26.03.0. This affects an unknown part of the component SCSI Handler. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-10717. Attacking locally is a requirement. No exploit is available.

A vulnerability identified as critical has been detected in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the argument code causes code injection. This vulnerability is tracked as CVE-2026-10688. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as problematic has been discovered in QloApps up to 1.7.0. Affected is the function Tools::encrypt of the file classes/Tools.php. Executing a manipulation can lead to password hash with insufficient computational effort. This vulnerability is handled as CVE-2026-25861. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Seagate openSeaChest up to 26.03.0 and classified as critical. This affects an unknown function. This manipulation causes out-of-bounds write. This vulnerability is registered as CVE-2026-10718. The attack needs to be launched locally. No exploit is available.

A vulnerability marked as critical has been reported in Seagate SeaChest up to 25.05.3. Impacted is the function showSupportedFormats of the component NVMe Handler. Performing a manipulation results in out-of-bounds write. This vulnerability was named CVE-2026-10719. The attack needs to be approached locally. There is no available exploit.

美国白宫网站当地时间6月2日报道，美国总统特朗普当天签署了一项关于先进人工智能监管的行政命令《推动先进人工智能创新与安全》。

Rapid7 警告称，惠普多款 Poly Voice VoIP 电话型号存在严重漏洞，可被利用获取 root 权限并远程执行代码（RCE），使攻击者能在企业网络中立足。   该漏洞编号为 CVE - 2026 - 0826（通用漏洞评分系统 CVSS 评分为 9.2），是会话描述协议（SDP）属性解析过程中基于栈的缓冲区溢出问题，影响启用了交互式连接建立（ICE）功能的设备。 &nbsp...

‍硬件安全 ×AI 创作跨界联动，全网上线征稿！

A vulnerability labeled as critical has been found in Siemens SIMATIC HMI Comfort Outdoor Panels, SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels and SIMATIC Wincc Runtime Advanced up to 16 Update 3. Impacted is an unknown function of the component Device Layout Handler. Executing a manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2021-27386. The attack is only possible within the local network. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability marked as critical has been reported in Siemens SIMATIC Drive Controller, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2, SIMATIC S7-1200 CPU, SIMATIC S7-1500 CPU, SIMATIC S7-1500 Software Controller and SIMATIC S7-PLCSIM Advanced. The affected element is an unknown function of the component Service Port 102. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2020-15782. The attack can be initiated remotely. There is not any exploit available. It is suggested to use restrictive firewalling.

A vulnerability was found in Mitsubishi Electric MELSEC-Q. It has been classified as problematic. This affects an unknown part of the component Packet Handler. The manipulation leads to denial of service. This vulnerability is listed as CVE-2022-24946. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability classified as critical was found in Omron NJ, NX7, NX1, NA5-15W, NA5-12W, NA5-9W, NA5-7W and Sysmac Studio. Affected by this issue is some unknown functionality. Executing a manipulation can lead to hard-coded credentials. This vulnerability is tracked as CVE-2022-34151. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in Omron NX7, NX1 and NJ. This vulnerability affects unknown code. The manipulation results in authentication bypass by capture-replay. This vulnerability is cataloged as CVE-2022-33971. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Siemens SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels, SIMATIC HMI KTP1200 Basic, SIMATIC HMI KTP400 Basic, SIMATIC HMI KTP700 Basic, SIMATIC HMI KTP900 Basic, SIPLUS HMI KTP1200 BASIC, SIPLUS HMI KTP400 BASIC, SIPLUS HMI KTP700 BASIC and SIPLUS HMI KTP900 BASIC and classified as problematic. Impacted is an unknown function of the component TCP Handler. Executing a manipulation can lead to denial of service. The identification of this vulnerability is CVE-2022-40227. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in remix-run react-router. This issue affects some unknown processing. The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-22029. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0. This vulnerability affects unknown code of the component smb. This manipulation causes race condition. This vulnerability is registered as CVE-2026-23230. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Synology Presto Client up to 2.1.3-0671. Affected by this issue is some unknown functionality. The manipulation results in uncontrolled search path. This vulnerability is reported as CVE-2026-3091. The attack requires a local approach. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3. This impacts the function nf_tables_addchain of the component netfilter. This manipulation causes use after free. The identification of this vulnerability is CVE-2026-23231. The attack needs to be done within the local network. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Oracle Communications Diameter Signaling Router 8.6.0.0. It has been classified as critical. This impacts an unknown function of the component Platform. Performing a manipulation results in improper authentication. This vulnerability is identified as CVE-2022-0492. The attack is only possible with local access. Additionally, an exploit exists.