Latest Alerts

CRITICAL CERT/CC VU 2026-06-17

VU#616257: Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass

Overview: Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Fo

CRITICAL NVD Recent 2026-06-17

CVE-2026-49875: Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.

CRITICAL NVD Recent 2026-06-17

CVE-2026-11535: An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unaut

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to gain unauthorized access to the victim’s device.

CRITICAL CERT/CC VU 2026-06-15

VU#862559: crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraints

Overview: A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation"

CRITICAL CERT-EU 2026-06-10

2026-008: Critical vulnerabilities in Ivanti Sentry

On 9 June 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their Sentry products[1]. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device.

CRITICAL CERT-EU 2026-06-10

2026-007: Critical Vulnerability in Windows Netlogon

On 12 May 2026, Microsoft published a security advisory addressing a critical vulnerability affecting Windows Server when acting as a domain controller. This vulnerability allows an unauthenticated attacker to execute arbitrary code over a network. Accord

CRITICAL CERT/CC VU 2026-06-03

VU#595768: Securly Chrome Extension contains multiple weak encryption and access control vulnerabilities

Overview: Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of do

CRITICAL CERT/CC VU 2026-06-02

VU#615987: Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments

Overview: VoLTE deployments on Verizon’s IMS network have operated without negotiated SIP integrity protection. In observed test conditions, SIP signaling—including registration, call setup, and messaging—traveled without IPsec ESP encapsulation and withou

CRITICAL CERT/CC VU 2026-06-02

VU#265691: Appsmiths SQL Query autocomplete renderer contains a cross site scripting vulnerability

Overview: A stored cross-site scripting (XSS) vulnerability has been discovered in Appsmith, specifically in the CodeMirror based SQL query editor’s autocomplete renderer. CVE-2026-7299 has been assigned to track the vulnerability. An attacker with develop

CRITICAL CERT/CC VU 2026-06-02

VU#873170: Collibra Agent contains improper authentication and path traversal vulnerabilities

Overview: The Collibra Platform Agent contains vulnerabilities that can be chained by a remote, unauthenticated attacker to achieve remote code execution. An attacker can exploit these issues by uploading a crafted ZIP archive that writes attacker-controll

CRITICAL CERT-EU 2026-05-06

2026-006: Critical Vulnerability in PAN-OS

On 6 May 2026, Palo Alto published a security advisory addressing a critical vulnerability affecting PAN-OS. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges. Palo Alto observed limited exploitation of t

CRITICAL Huawei PSIRT 2026-03-25

Security Advisory - Authentication Bypass Vulnerability in Huawei PC Products

A recent security alert from an official public feed; assess its impact and remediation priority against the original advisory.

CRITICAL CERT-EU 2026-03-25

2026-004: Critical Vulnerability in SharePoint Exploited

On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulner

CRITICAL CERT-EU 2026-02-26

2026-002: Multiple Vulnerabilities in Cisco Products

On 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager. If exploited, these vulnerabilities could allow attackers to gain adminis

CRITICAL CERT-EU 2026-01-30

2026-001: Critical vulnerabilities in Ivanti EPMM

On 29 January 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their EPMM products. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device. One of these vulnerabi

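All resources, vulnerability alerts, tools, and topical content on this site are intended solely for authorized enterprise self-testing, compliance research, and security operations. This site does not provide programs, payloads, or entry points to underground-market platforms that could be used directly for illegal attacks.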