Aggregator

Случайно открытый черновик рассказал о модели, которая обходит прежний флагман и пока пугает даже собственных создателей

Попытка сэкономить на экспертах превращается в рискованный билет в один конец.

A vulnerability labeled as problematic has been found in Langflow. Affected is an unknown function of the component v2 API. Such manipulation leads to path traversal. This vulnerability is documented as CVE-2026-33309. The attack requires being on the local network. There is not any exploit available.

A vulnerability classified as critical has been found in Tabs Mail Carrier 2.5.1. Affected by this vulnerability is an unknown functionality of the component SMTP Service. The manipulation of the argument MAIL FROM leads to out-of-bounds write. This vulnerability is referenced as CVE-2019-25646. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in langflow-ai langflow up to 1.8.x. It has been declared as problematic. The impacted element is an unknown function. The manipulation results in injection. This vulnerability is reported as CVE-2026-33475. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in langflow-ai langflow up to 1.8.1. Affected is an unknown function of the file /api/v2/files/ of the component Incomplete Fix CVE-2025-68478. Performing a manipulation results in path traversal. This vulnerability is known as CVE-2026-33309. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Рассказываем о методах работы самой скрытной группировки последних лет.

The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers. The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers and internal communications systems. The cybercrime group added the Commission to its Tor data leak site, claiming the theft […]

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement

JCal，一个将“已故”亿万富翁 Jeffrey Epstein 的活动记录以 Google 日历形式精确呈现的创新工具。 通过这个工具，读者可以直观地一窥这位备受争议人物过去 20 多年的日常安排，包括航班、会议、旅行、约会以及与各种知名人士的互动。 这项技术不仅让复杂的 Epstein 文件档案变得易读易懂，也揭示了个人隐私在数字时代的脆弱性，同时引发了对如何保存和呈现历史记录的深刻反思。 “通过 JCal，Jeffrey Epstein 的每一场会议、每一次旅行都被精确地记录在 Google 日历中，仿佛他从未离开。” JCal 核心亮点 熟悉的 Google Calendar 界面： 支持日视图、周视图、月视图，以及强大的搜索功能（可按人物、事件类型或关键词过滤），操作体验与日常使用的日历工具几乎一致。 基于公开文件的真实数据： 所有事件均来源于美国司法部等机构公开释放的 Epstein 文件和邮件档案，涵盖上百个详细记录，包括航班路线（如纽约飞往西棕榈滩）、与 Ghislaine Maxwell 等人的会议、医生预约、社交聚会等。部分事件带有原始文件中的 [REDACTED] 标记，保留了档案的真实性。 交互式细节查看： 点击任意事件，即可展开额外上下文备注、相关邮件链接或原始文档，帮助用户快速理解事件背景和人际网络。 JCal (jmail[.]world/calendar)是 JMail 团队（曾推出 Epstein 邮件 Gmail 克隆工具）的又一力作，旨在让原本散落在 PDF 和扫描文件中的海量信息，以时间线的形式变得“超易读”（hyperlegible）。 无论你是研究者、记者，还是对这段历史感兴趣的普通人，都能通过这个工具更清晰地探索 Epstein 的活动时间脉络与社会连接。 这不仅仅是一个日历工具，更是一种对数字历史呈现方式的创新尝试，在便利与反思之间，留给每位访客自己的判断。 顺带一提，加上这个模块，已经完成9大模块了 Jmail、JPhotos、JDrive、JFlights、JVR、Jamazon、JeffTube、Jwiki、JCal，甚至还有一个AI对话模块，见图片。

Не фотографируйте паспорт... Или фотографируйте - но вот как правильно.

A vulnerability, which was classified as critical, was found in Apache Artemis and ActiveMQ Artemis on OpenWire. This issue affects some unknown processing of the component OpenWire Consumer Handler. Executing a manipulation can lead to permission issues. This vulnerability is tracked as CVE-2026-32642. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in KNIME Business Hub up to 1.15.1/1.16.2/1.17.3. This impacts an unknown function of the component Apache Artemis. Executing a manipulation can lead to missing authentication. This vulnerability is tracked as CVE-2026-4649. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in CODESYS Control RTE, Control RTE SL, Control Win, Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL. Affected is an unknown function. The manipulation leads to format string. This vulnerability is listed as CVE-2026-3509. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability has been found in Phreesoft PhreeBooks ERP 5.2.3 and classified as problematic. Affected by this issue is some unknown functionality of the file bizuno/image/manager of the component Image Manager Component. This manipulation of the argument imgFile causes cross site scripting. This vulnerability is registered as CVE-2019-25630. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability identified as critical has been detected in Sourceforge phpFileManager 1.7.8. The impacted element is an unknown function of the file index.php of the component Parameter Handler. This manipulation of the argument action/fm_current_dir/filename causes missing authentication. This vulnerability is handled as CVE-2019-25632. It is possible to launch the attack on the local host. Additionally, an exploit exists.

A vulnerability described as critical has been identified in Speedbit Download Accelerator Plus DAP up to 10.0.6.0. Affected is an unknown function of the component URL Handler. Executing a manipulation can lead to out-of-bounds write. The identification of this vulnerability is CVE-2019-25628. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Flexhex River Past Cam Do 3.7.6. This affects an unknown part. This manipulation causes unrestricted upload. This vulnerability is tracked as CVE-2019-25626. The attack is restricted to local execution. Moreover, an exploit is present.