WhisperX tag archive

#cve

This page collects WhisperX intelligence signals tagged #cve. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (20)

The Lab · 2026-03-25 07:52:14 · GitHub Issues

1. Deepin V23 Beta3 urgently pushes Intel microcode update, fixing critical security vulnerabilities CVE-2024-23984 and CVE-2024-24968

The Deepin community has urgently pushed an Intel microcode update to version 3.20240910.1 through the V23 Beta3 testing integration channel. This is not an ordinary functional fix: it directly targets two high-severity vulnerabilities recently disclosed by Intel and is intended to give Deepin users critical system-level protection. At the core of the update is the upstream Intel microcode data file 20240910. It contains the mitigation for INTEL-SA-01103 (CVE-2024-23984), a flaw in the Running Average Power Limit (RAPL) interface of some Intel processors that may lead to information disclosure. It also mitigates INTEL-SA-01097 (CVE-2024-24968), which may allow a denial of service on some Intel processors. In addition, the update fixes several pro...

The Lab · 2026-03-25 07:52:15 · GitHub Issues

2. Deepin Community Bot Pushes Critical Security Patches for libsoup3, Addressing CVE-2026-1467 & CVE-2026-1536

The Deepin community's automated CI system has pushed a high-urgency security update for the libsoup3 library, patching multiple critical vulnerabilities. The update, version 3.6.5-8, addresses three distinct CVEs, including a Carriage Return Line Feed (CRLF) injection flaw and an information leak, marking a significan...

The Lab · 2026-03-25 09:27:09 · GitHub Issues

3. Libcurl Security Vulnerability Exposed: Versions 7.17.0 to 8.17.0 at Risk

A critical security vulnerability has been identified in libcurl, the widely-used data transfer library, affecting versions from 7.17.0 up to and including 8.17.0. This exposure, detailed in a Tenable Nessus plugin advisory, necessitates an immediate upgrade to version 8.18.0 or later to mitigate the risk. The flaw's p...

The Lab · 2026-03-25 09:27:18 · GitHub Issues

4. GitHub CI Workaround: pip-audit Temporarily Ignores Low-Severity CVE-2026-4539 Due to Lack of Upstream Fix

A software project's continuous integration (CI) pipeline has been configured to bypass a specific security vulnerability check, highlighting a common but often overlooked tension between security compliance and practical development workflows. The project's maintainers have explicitly instructed the `pip-audit` tool t...

The Lab · 2026-03-25 21:27:15 · GitHub Issues

6. Fastify v5.8.3 Patches Critical Proxy Trust Bypass Vulnerability (CVE-2026-3635)

A critical security flaw in the popular Fastify web framework allows attackers to spoof protocol and host information, even when restrictive proxy trust settings are in place. The vulnerability, tracked as CVE-2026-3635, stems from a logic error where the `request.protocol` and `request.host` getters incorrectly read `...
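The safe pattern behind a proxy-trust setting, as an added example in plain Node.js (not Fastify's code): forwarded protocol and host headers are honoured only when the TCP peer is a trusted proxy, and even then only after their syntax is validated. The `trustProxy` shape, the request objects, the addresses and the header values are constructed for illustration.

```javascript
// Added example, not Fastify code: derive a request's effective protocol and
// host, honouring X-Forwarded-* only when the TCP peer is a trusted proxy.
// `trustProxy` is assumed to be false (trust nobody), true (trust every peer,
// unsafe when the server is directly reachable) or an array of peer addresses.

function isTrustedPeer(trustProxy, remoteAddress) {
  if (trustProxy === true) return true;
  if (!Array.isArray(trustProxy)) return false;
  return trustProxy.includes(remoteAddress);
}

// First element of a possibly comma-joined forwarded value (the hop closest
// to the client); null when the header is absent or empty.
function firstForwardedValue(header) {
  if (typeof header !== 'string') return null;
  const first = header.split(',')[0].trim();
  return first.length > 0 ? first : null;
}

const PROTO_RE = /^https?$/i;
// hostname, IPv4 literal or bracketed IPv6 literal, with an optional port
const HOST_RE = /^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d{1,5})?$/;

function resolveRequestOrigin(req, trustProxy) {
  const direct = {
    protocol: req.encrypted ? 'https' : 'http',
    host: req.headers.host || '',
  };
  // Untrusted peer: X-Forwarded-* are attacker-controlled, use socket facts only.
  if (!isTrustedPeer(trustProxy, req.remoteAddress)) return direct;

  const proto = firstForwardedValue(req.headers['x-forwarded-proto']);
  const host = firstForwardedValue(req.headers['x-forwarded-host']);
  return {
    // A trusted proxy can still forward garbage; fall back on syntax failure.
    protocol: proto !== null && PROTO_RE.test(proto) ? proto.toLowerCase() : direct.protocol,
    host: host !== null && HOST_RE.test(host) ? host : direct.host,
  };
}

// Constructed requests (not captured traffic): the same forwarded headers sent
// directly from the internet and relayed by the load balancer at 10.0.0.2.
const TRUSTED_PROXIES = ['10.0.0.2'];
const FORWARDED_HEADERS = {
  host: 'app.internal',
  'x-forwarded-proto': 'https',
  'x-forwarded-host': 'shop.example',
};
const directFromInternet = { remoteAddress: '203.0.113.7', encrypted: false, headers: FORWARDED_HEADERS };
const viaLoadBalancer = { remoteAddress: '10.0.0.2', encrypted: false, headers: FORWARDED_HEADERS };

console.log(resolveRequestOrigin(directFromInternet, TRUSTED_PROXIES)); // { protocol: 'http', host: 'app.internal' }
console.log(resolveRequestOrigin(viaLoadBalancer, TRUSTED_PROXIES));    // { protocol: 'https', host: 'shop.example' }
```

The decision is made on the socket peer address, never on the headers themselves: the same `X-Forwarded-Host: shop.example` is ignored when it arrives straight from 203.0.113.7 and honoured only when the trusted load balancer relays it.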

The Lab · 2026-03-25 21:27:16 · GitHub Issues

7. Local privilege escalation vulnerability (CVE-2026-4822) found in Enter Software's Iperius Backup backup service

A serious local privilege escalation vulnerability (CVE-2026-4822) has been publicly identified in Enter Software's Iperius Backup software. It carries a high CVSS 4.0 score of 7.3: an attacker starting with low privileges on the local system could gain a high degree of control over the system's confidentiality, integrity, and availability. The attack vector is local and the attack complexity is rated high. The vulnerability is confirmed to affect Iperius Backup versions 8.7.0, 8.7.1, 8.7.2, and 8.7.3. So far, C...

The Lab · 2026-03-25 22:27:24 · GitHub Issues

8. Critical Security Patch: picomatch v4.0.4 Fixes High-Severity Vulnerability (CVE-2026-33672)

A critical security vulnerability, tracked as CVE-2026-33672, has been patched in the latest release of the picomatch library. The update to version 4.0.4 addresses a high-severity flaw that could potentially be exploited in applications using the popular glob pattern matching library. This is not a routine dependency ...

The Lab · 2026-03-25 23:27:25 · GitHub Issues

9. Fastify v5.8.3 Patches Critical Content-Type Validation Bypass (CVE-2026-25223)

A critical security vulnerability in the Fastify web framework allows attackers to bypass request body validation entirely, posing a direct threat to applications relying on schema-based input sanitization. The flaw, tracked as CVE-2026-25223, is triggered by appending a tab character (`\t`) followed by arbitrary conte...
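How a strict Content-Type check closes this class of bypass, as an added example (not Fastify's parser): the header is parsed against the RFC 7231 media-type grammar and a body parser is selected only on an exact type/subtype match, so `application/json` followed by a tab and extra bytes is refused with 415 instead of reaching a parser whose validation would not apply to it. The loose prefix matcher at the end is a hypothetical contrast, not a description of the actual Fastify defect; the parser registry and header strings are constructed.

```javascript
// Added example, not Fastify's parser: strict Content-Type handling. The
// header must match the RFC 7231 media-type grammar exactly; a body parser
// is chosen only on an exact type/subtype match, otherwise the request is
// refused with 415 before any body is read.

const TOKEN = "[!#$%&'*+.^_`|~0-9A-Za-z-]+";                     // RFC 7230 tchar
const MEDIA_TYPE_RE = new RegExp('^(' + TOKEN + ')/(' + TOKEN + ')$');
const PARAM_RE = new RegExp('^(' + TOKEN + ')=(?:(' + TOKEN + ')|"((?:[^"\\\\]|\\\\.)*)")$');
const trimOws = (s) => s.replace(/^[ \t]+|[ \t]+$/g, '');          // optional whitespace around ';'

// Split on ';' outside quoted strings so a quoted parameter value may contain ';'.
function splitParams(s) {
  const parts = [];
  let cur = '';
  let inQuote = false;
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    if (inQuote && c === '\\') { cur += c + (s[i + 1] ?? ''); i++; continue; }
    if (c === '"') inQuote = !inQuote;
    if (c === ';' && !inQuote) { parts.push(cur); cur = ''; continue; }
    cur += c;
  }
  parts.push(cur);
  return parts;
}

// Returns { type, subtype, params } or null when the header is malformed.
function parseContentType(header) {
  if (typeof header !== 'string') return null;
  const [typePart, ...paramParts] = splitParams(header);
  const m = MEDIA_TYPE_RE.exec(trimOws(typePart));
  if (m === null) return null;                 // e.g. "application/json\tjunk"
  const params = Object.create(null);
  for (const p of paramParts) {
    const pm = PARAM_RE.exec(trimOws(p));
    if (pm === null) return null;
    const name = pm[1].toLowerCase();
    if (name in params) return null;           // duplicate parameter is ambiguous
    params[name] = pm[2] !== undefined ? pm[2] : pm[3].replace(/\\(.)/g, '$1');
  }
  return { type: m[1].toLowerCase(), subtype: m[2].toLowerCase(), params };
}

// Parser registry keyed by exact media type; each registered parser is
// assumed to validate the decoded body against the route schema.
function selectParser(parsers, contentTypeHeader) {
  const ct = parseContentType(contentTypeHeader);
  if (ct === null) return { status: 415, reason: 'malformed Content-Type' };
  const key = ct.type + '/' + ct.subtype;
  if (!parsers.has(key)) return { status: 415, reason: 'unsupported media type ' + key };
  return { status: 200, parser: key, charset: ct.params.charset };
}

// Hypothetical loose matcher shown only for contrast (not Fastify's logic):
// a prefix test lets "application/json\tjunk" select the JSON parser.
function looseSelectParser(parsers, contentTypeHeader) {
  for (const key of parsers.keys()) if (contentTypeHeader.startsWith(key)) return key;
  return null;
}

// Constructed registry and headers.
const PARSERS = new Map([['application/json', 'json'], ['text/plain', 'text']]);
const TAB_BYPASS_HEADER = 'application/json\tjunk';

console.log(selectParser(PARSERS, 'Application/JSON ; charset="utf-8"')); // { status: 200, parser: 'application/json', charset: 'utf-8' }
console.log(selectParser(PARSERS, TAB_BYPASS_HEADER).status);            // 415
console.log(looseSelectParser(PARSERS, TAB_BYPASS_HEADER));              // 'application/json'
```

The point of the strict grammar is fail-closed dispatch: anything the parser cannot account for (a tab, trailing bytes, a duplicated `charset`) is a 415, so there is no path on which a body is accepted without the schema checks bound to its declared media type.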

The Lab · 2026-03-26 00:27:22 · GitHub Issues

10. GitHub CI Pipeline Now Blocks Releases with Critical/High CVEs via Conforma Policy Gates

A new automated security gate is being integrated into the CI/CD pipeline, designed to halt software releases containing critical or high-severity vulnerabilities. The policy-driven system, using Conforma (`ec`), enforces strict vulnerability thresholds, transforming CVE scanning from a passive report into an active re...

The Lab · 2026-03-26 02:27:04 · GitHub Issues

11. Gin web framework v1.9.1 flagged with 8 vulnerabilities, highest severity 7.5

Version v1.9.1 of Gin, one of the most popular Go web frameworks, has been flagged by a security scanner with 8 vulnerabilities, the highest with a CVSS score of 7.5. The vulnerabilities do not reside in the Gin framework itself but are introduced through the `golang.org/x/net` library in its dependency chain. The scan report shows they were found in a specific commit of the project `aigency-v1.0.0`, with paths pointing to dependency files in the Go module cache. The list of vulnerability details has been partially disclosed and includes one tracked as CVE-2025-47913. The report states explicitly that the root cause lies in the upstream components Gin depends on. For Go projects using `github.com/gin-gonic/gin v1.9.1`, ...

The Lab · 2026-03-26 08:27:08 · GitHub Issues

12. McKinsey's 'Agents at Scale' Codebase Flags High-Severity CVE-2026-33671 in Picomatch

A high-severity security violation has been flagged within a major McKinsey & Company project. The JFrog Xray security scan for the 'agents-at-scale-ark' repository detected multiple instances of CVE-2026-33671, a ReDoS (Regular Expression Denial of Service) vulnerability in the widely used `picomatch` library. The aut...

The Lab · 2026-03-26 09:27:10 · GitHub Issues

13. CVE-2025-10437: Critical SQL injection vulnerability found in Eksagate Webpack Management System (CVSS 9.8)

A critical SQL injection vulnerability (CVE-2025-10437) has been publicly identified in the 'Webpack Management System' of Eksagate Electronic Engineering and Computer Industry Trade Inc. It carries a CVSS score of 9.8: an attacker can reach the system over the network without authentication and compromise data confidentiality, integrity, and availability to a high degree. Versions dated 19 November 2025 and earlier are confirmed affected. The technical cause of the vulnerability is 'SQL ...

The Lab · 2026-03-26 09:27:16 · GitHub Issues

14. Critical RCE Vulnerability in React Server Components Exposes Next.js and Other Frameworks

A critical remote code execution (RCE) vulnerability has been identified within React Server Components, posing a direct threat to major frameworks like Next.js. The flaw, stemming from insecure deserialization in the React Flight protocol, enables unauthenticated attackers to execute arbitrary code on affected servers...

The Lab · 2026-03-26 10:27:07 · GitHub Issues

15. GitHub Security Triage Exposes Critical CVEs, Prototype Pollution, and 142 Dismissed CodeQL Alerts

A comprehensive security triage of the openzigs repository has exposed a critical vulnerability landscape, revealing a mix of high-severity CVEs, a prototype pollution flaw, and the mass dismissal of over 140 automated security warnings. The audit, conducted in March 2026, identified 7 actionable Dependabot alerts and ...

The Lab · 2026-03-26 10:27:08 · GitHub Issues

16. GitHub Copilot SDK hit by high-severity vulnerability CVE-2026-29783, allowing arbitrary code execution

A high-severity vulnerability, tracked as CVE-2026-29783, has been found in `@github/copilot`, the core dependency of GitHub Copilot. Rated 'high severity', it is essentially a shell expansion flaw that an attacker could use to execute arbitrary code on an affected system. It directly threatens every project depending on `@github/copilot-sdk` version 0.1.29 or earlier, because those versions transitively pull in the vulnerable `@github/copilot` 0.0.420. The root of the problem is a transitive package that `@github/copilot-sdk` depends on. Specifically, `@github/[email protected]` pulls in the vulnerable `@github/...

The Lab · 2026-03-26 11:27:18 · GitHub Issues

17. Vite Dev Server Exposes Six Filesystem Bypass Vulnerabilities (CVE-2025-32395 et al.)

The Vite development server contains six distinct filesystem bypass vulnerabilities, allowing unauthorized access to sensitive files on a developer's machine. These CVEs, including CVE-2025-32395 and CVE-2025-31125, all circumvent the `server.fs.deny` protection mechanism. The risk is specific to the development enviro...

The Lab · 2026-03-26 15:27:13 · GitHub Issues

18. Requests Library Security Flaw: CVE-2026-25645 Exposes Systems to Zip Slip Risk

A critical security vulnerability has been identified in the widely-used Python `requests` library, tracked as CVE-2026-25645. The flaw resides in the `requests.utils.extract_zipped_paths()` utility function, which uses a predictable filename when extracting files from zip archives into the system's temporary directory...

The Lab · 2026-03-26 17:27:37 · GitHub Issues

19. libpng 1.6.56 Security Release: Decades-Old 'Horrible' Bug Patched in Critical Image Library

The libpng project has released version 1.6.56, a security update addressing two high-severity vulnerabilities. The most significant fix is for CVE-2026-33416, a use-after-free flaw that has been embedded in the library's transparency and palette handling code since the 1990s. This was not an unknown oversight; the pro...

The Lab · 2026-03-26 18:27:22 · GitHub Issues

20. gRPC security update: CVE-2026-33186 authorization bypass affects a wide range of Go projects

A critical security update is being pushed to thousands of Go projects worldwide through Renovate, the automated dependency management bot running on GitHub. The update targets `google.golang.org/grpc`, the core network communication library maintained by Google, and fixes a high-severity vulnerability tracked as CVE-2026-33186. The vulnerability is classified as an 'authorization bypass' rooted in 'improper input validation', meaning an attacker could craft malicious input to bypass server-side authentication or authorization checks and reach data or functionality they are not authorized for. The update jumps the gRPC library directly from `v1.63.2` to `v1.79.3`, a large span that carries many accumulated fixes and improvements, with the security fix as the core driver of this forced upgrade. The mer... generated by the Renovate automation