Aggregator
Routing security for critical infrastructure: SCION, the BGP replacement, explained in one article
2 weeks 5 days ago
In March 2026, Swiss authorities completed a deployment that rewrites the underlying rules of the Internet.
LG Display mass-produces laptop displays whose refresh rate adjusts automatically between 1 and 120 Hz
2 weeks 5 days ago
LG Display has announced mass production of a laptop display whose refresh rate adjusts automatically between 1 and 120 Hz; lowering the refresh rate when possible helps extend battery life. The LCD panel, called Oxide 1Hz, drops to a 1 Hz refresh rate when it detects a static image on screen and can switch up to 120 Hz for video playback or gaming. LG disclosed few technical details. BOE and Intel announced similar products last year without giving a release date. Dell's 2026 XPS laptops will offer the Oxide 1Hz panel.
iPhone spyware is now available to anyone: DarkSword code leaked on GitHub
2 weeks 5 days ago
Hundreds of millions of Apple devices are at risk after the source code of the cyber-weapon was published.
CVE-2026-4784 | code-projects Simple Laundry System 1.0 Parameter /checkcheckout.php serviceId sql injection
2 weeks 5 days ago
A vulnerability classified as critical was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection.
This vulnerability is known as CVE-2026-4784. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
Intigriti 0326 CTF Challenge: Chaining DOM clobbering and CSP bypasses for XSS
2 weeks 5 days ago
The write-up describes how a flag is captured through an XSS chain in an Intigriti CTF challenge. It first reviews the application's defences (a CSP and DOMPurify sanitisation), then finds ComponentManager, a component loader that inserts scripts dynamically, and a JSONP endpoint on the application's own origin. The attacker injects an HTML payload that clobbers window.authConfig, so that ComponentManager loads a script from the JSONP endpoint with an attacker-chosen callback; the resulting script runs within the CSP, steals the admin's cookie and yields the flag.
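The two gadgets in that chain, a script loader that trusts a clobberable global and a JSONP endpoint on an allowed origin, are shown below as an added example. This is not code from the Intigriti challenge or its write-up: the config shape (`authConfig` with `endpoint` and `callback` fields), the loader and endpoint names, and the origin `https://app.example` are assumptions; because Node has no DOM, the elements that DOM clobbering leaves on `window` are modelled with constructed stand-ins.

```javascript
// Added example, not the challenge's code. Names (authConfig, endpoint,
// callback, app.example) are assumptions about what such a loader looks like.

// Stand-in for the HTMLAnchorElement that
//   <a id="authConfig" href="https://attacker.example/jsonp"></a>
// leaves on `window`: String(element) yields its href.
class FakeAnchorElement {
  constructor(href) { this.href = href; }
  toString() { return this.href; }
}

// Stand-in for the HTMLCollection produced by two same-id anchors,
//   <a id="authConfig"></a><a id="authConfig" name="endpoint" href="...">
// where `authConfig.endpoint` resolves to the anchor named "endpoint".
class FakeHTMLCollection {
  constructor(named) { Object.assign(this, named); }
}

// Vulnerable loader: builds the script URL from whatever `authConfig` is.
// `cfg.endpoint ?? cfg` mirrors a common fallback; either branch coerces a
// clobbered element to its href, so the attacker picks the script source.
function buildScriptUrlVulnerable(cfg) {
  const base = String(cfg.endpoint ?? cfg);
  const cb = cfg.callback ?? 'onAuth';
  return `${base}?callback=${cb}`;
}

const PAGE_ORIGIN = 'https://app.example';            // stand-in for location.origin
const ALLOWED_SCRIPT_ORIGINS = new Set([PAGE_ORIGIN]);
const CALLBACK_NAME = /^[A-Za-z_$][\w$]{0,63}$/;      // a bare identifier, nothing else

function isPlainObject(v) {
  return v !== null && typeof v === 'object' &&
    Object.getPrototypeOf(v) === Object.prototype;
}

// Hardened loader: a clobbered global is an Element or HTMLCollection, never a
// plain object, so reject anything else; pin the script origin to an allowlist
// and the callback to an identifier so the JSONP endpoint cannot echo code.
function buildScriptUrlHardened(cfg) {
  if (!isPlainObject(cfg)) {
    throw new TypeError('authConfig is not a plain object; possible DOM clobbering');
  }
  if (typeof cfg.endpoint !== 'string' || typeof cfg.callback !== 'string') {
    throw new TypeError('authConfig fields must be strings');
  }
  const url = new URL(cfg.endpoint, PAGE_ORIGIN);
  if (!ALLOWED_SCRIPT_ORIGINS.has(url.origin)) {
    throw new Error(`script origin not allowed: ${url.origin}`);
  }
  if (!CALLBACK_NAME.test(cfg.callback)) {
    throw new Error('callback is not a bare identifier');
  }
  url.searchParams.set('callback', cfg.callback);
  return url.href;
}

// Server side of the gadget: a JSONP endpoint on the page's own origin.
// Unvalidated, `?callback=alert(document.cookie)//` makes it return
// attacker-chosen JavaScript from an origin that script-src 'self' permits.
function jsonpBodyVulnerable(callbackParam, data) {
  return `${callbackParam}(${JSON.stringify(data)})`;
}

// Hardened endpoint: identifier-only callback; the leading comment defeats
// content-sniffing tricks (Rosetta Flash) that need the body to start with
// attacker bytes.
function jsonpBodyHardened(callbackParam, data) {
  if (!CALLBACK_NAME.test(callbackParam)) {
    throw new Error('rejected callback name');
  }
  return `/**/${callbackParam}(${JSON.stringify(data)})`;
}

// Constructed inputs for the demo, not captured from the challenge.
const genuine = { endpoint: 'https://app.example/api/auth', callback: 'onAuth' };
const clobbered = new FakeAnchorElement('https://attacker.example/jsonp');
const clobberedNested = new FakeHTMLCollection({
  endpoint: new FakeAnchorElement('https://attacker.example/jsonp'),
});
const abusedJsonp = { endpoint: 'https://app.example/jsonp', callback: 'alert(document.cookie)//' };

function tryHardened(cfg) {
  try { return buildScriptUrlHardened(cfg); } catch (e) { return `rejected: ${e.message}`; }
}

for (const cfg of [genuine, clobbered, clobberedNested, abusedJsonp]) {
  console.log('vulnerable ->', buildScriptUrlVulnerable(cfg));
  console.log('hardened   ->', tryHardened(cfg));
}
```

The plain-object check is the part that specifically defeats DOM clobbering: every clobbered global is a DOM object whose prototype is not `Object.prototype`, so `Object.getPrototypeOf` catches it regardless of which `id`/`name` combination the attacker used. The callback allowlist is what stops a same-origin JSONP endpoint from becoming a CSP bypass; a CSP that permits `'self'` is only as strong as the least careful script-producing endpoint on that origin.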
CVE-2026-4783 | itsourcecode College Management System 1.0 Parameter add-single-student-results.php course_code sql injection
2 weeks 5 days ago
A vulnerability classified as critical has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument course_code leads to sql injection.
This vulnerability is traded as CVE-2026-4783. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Treasury asks whether terrorism risk insurance program should bolster cyber coverage
2 weeks 5 days ago
A Federal Register notice seeks public comment on how cyber is covered within a 2002 law and program.
The post Treasury asks whether terrorism risk insurance program should bolster cyber coverage appeared first on CyberScoop.
Tim Starks
CVE-2026-4781 | SourceCodester Sales and Inventory System 1.0 HTTP GET Parameter update_purchase.php sid sql injection
2 weeks 5 days ago
A vulnerability described as critical has been identified in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection.
This vulnerability appears as CVE-2026-4781. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
CVE-2026-4780 | SourceCodester Sales and Inventory System 1.0 HTTP GET Parameter update_out_standing.php sid sql injection
2 weeks 5 days ago
A vulnerability marked as critical has been reported in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection.
This vulnerability is reported as CVE-2026-4780. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-4779 | SourceCodester Sales and Inventory System 1.0 HTTP GET Parameter update_customer_details.php sid sql injection (EUVD-2026-15029)
2 weeks 5 days ago
A vulnerability labeled as critical has been found in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection.
This vulnerability is documented as CVE-2026-4779. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2026-4778 | SourceCodester Sales and Inventory System 1.0 HTTP GET Parameter update_category.php sid sql injection (EUVD-2026-15027)
2 weeks 5 days ago
A vulnerability identified as critical has been detected in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection.
This vulnerability is registered as CVE-2026-4778. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com
CVE-2026-4777 | SourceCodester Sales and Inventory System 1.0 POST Parameter view_supplier.php searchtxt sql injection (EUVD-2026-15026)
2 weeks 5 days ago
A vulnerability categorized as critical has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection.
This vulnerability is cataloged as CVE-2026-4777. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #775811: code-projects Simple Laundry System V1.0 SQL injection [Accepted]
2 weeks 5 days ago
Submit #775811 / VDB-352801
tnn2026
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
2 weeks 5 days ago
A critical vulnerability in Citrix's NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory.
Submit #775786: itsourcecode College Management System V1.0 SQL Injection [Accepted]
2 weeks 5 days ago
Submit #775786 / VDB-352800
tnn2026
Submit #775174: SourceCodester Sales and Inventory System 1.0 SQL Injection [Accepted]
2 weeks 5 days ago
Submit #775174 / VDB-352799
Microsoft fixes bug causing Classic Outlook sync issues with Gmail
2 weeks 5 days ago
Microsoft has fixed a known issue causing Gmail and Yahoo email synchronization and connection problems for classic Outlook users. [...]
Sergiu Gatlan
Submit #775173: SourceCodester Sales and Inventory System 1.0 SQL Injection [Accepted]
2 weeks 5 days ago
Submit #775173 / VDB-352798
Submit #775172: SourceCodester Sales and Inventory System 1.0 SQL Injection [Accepted]
2 weeks 5 days ago
Submit #775172 / VDB-352797