متاح الآن! بحث تيليغرام 2025 — أهم رؤى العام 
CVE Notify
الذهاب إلى القناة على Telegram
Alert on the latest CVEs Partner channel: @malwr
إظهار المزيد📈 نظرة تحليلية على قناة تيليجرام CVE Notify
تُعد قناة CVE Notify (@cvenotify) في القطاع اللغوي الإنكليزية لاعباً نشطاً. يضم المجتمع حالياً 18 867 مشتركاً، محتلاً المرتبة 7 133 في فئة التكنولوجيات والتطبيقات والمرتبة 2 092 في منطقة الولايات المتحدة.
📊 مؤشرات الجمهور والحراك
منذ تأسيسه في невідомо، حقق المشروع نمواً سريعاً وجمع 18 867 مشتركاً.
بحسب آخر البيانات بتاريخ 09 يونيو, 2026، تحافظ القناة على نشاط مستقر. خلال آخر 30 يوماً تغيّر عدد الأعضاء بمقدار 442، وفي آخر 24 ساعة بمقدار 18، مع بقاء الوصول العام مرتفعاً.
- حالة التحقق: غير موثّقة
- معدل التفاعل (ER): يبلغ متوسط تفاعل الجمهور 0.53%. وخلال أول 24 ساعة من النشر يحصد المحتوى عادةً 0.39% من ردود الفعل نسبةً إلى إجمالي المشتركين.
- وصول المنشورات: يحصل كل منشور على متوسط 100 مشاهدة. وخلال اليوم الأول يجمع عادةً 74 مشاهدة.
- التفاعلات والاستجابة: يتفاعل الجمهور بانتظام؛ متوسط التفاعلات لكل منشور يبلغ 1.
- الاهتمامات الموضوعية: يركز المحتوى على مواضيع رئيسية مثل cve-2026, attack, input, validation, manipulation.
📝 الوصف وسياسة المحتوى
يصف المؤلف القناة بأنها مساحة للتعبير عن الآراء الذاتية:
“Alert on the latest CVEs
Partner channel: @malwr”
بفضل وتيرة التحديث المرتفعة (أحدث البيانات بتاريخ 10 يونيو, 2026) تحافظ القناة على حداثتها ومستوى وصول مرتفع. وتُظهر التحليلات تفاعلاً نشطاً من الجمهور، ما يجعلها نقطة تأثير مهمة ضمن فئة التكنولوجيات والتطبيقات.
18 867
المشتركون
+1824 ساعات
+1267 أيام
+44230 أيام
جاري تحميل البيانات...
القنوات المماثلة
سحابة العلامات
الإشارات الواردة والصادرة
---
---
---
---
---
---
جذب المشتركين
يونيو '26
يونيو '26
+155
في 0 قنوات
مايو '26
+531
في 2 قنوات
Get PRO
أبريل '26
+278
في 1 قنوات
Get PRO
مارس '26
+266
في 2 قنوات
Get PRO
فبراير '26
+423
في 1 قنوات
Get PRO
يناير '26
+436
في 1 قنوات
Get PRO
ديسمبر '25
+713
في 3 قنوات
Get PRO
نوفمبر '25
+453
في 1 قنوات
Get PRO
أكتوبر '25
+320
في 1 قنوات
Get PRO
سبتمبر '25
+190
في 0 قنوات
Get PRO
أغسطس '25
+198
في 0 قنوات
Get PRO
يوليو '25
+280
في 0 قنوات
Get PRO
يونيو '25
+178
في 0 قنوات
Get PRO
مايو '25
+207
في 0 قنوات
Get PRO
أبريل '25
+262
في 0 قنوات
Get PRO
مارس '25
+207
في 0 قنوات
Get PRO
فبراير '25
+179
في 0 قنوات
Get PRO
يناير '25
+214
في 3 قنوات
Get PRO
ديسمبر '24
+299
في 0 قنوات
Get PRO
نوفمبر '24
+831
في 1 قنوات
Get PRO
أكتوبر '24
+997
في 2 قنوات
Get PRO
سبتمبر '24
+1 432
في 1 قنوات
Get PRO
أغسطس '24
+1 728
في 3 قنوات
Get PRO
يوليو '24
+1 253
في 2 قنوات
Get PRO
يونيو '24
+1 168
في 2 قنوات
Get PRO
مايو '24
+1 342
في 0 قنوات
Get PRO
أبريل '24
+1 457
في 1 قنوات
Get PRO
مارس '24
+1 255
في 2 قنوات
Get PRO
فبراير '24
+845
في 1 قنوات
Get PRO
يناير '24
+462
في 1 قنوات
Get PRO
ديسمبر '23
+451
في 1 قنوات
Get PRO
نوفمبر '23
+140
في 1 قنوات
Get PRO
أكتوبر '23
+194
في 0 قنوات
Get PRO
سبتمبر '23
+174
في 0 قنوات
Get PRO
أغسطس '23
+179
في 0 قنوات
Get PRO
يوليو '23
+114
في 0 قنوات
Get PRO
يونيو '23
+136
في 0 قنوات
Get PRO
مايو '23
+108
في 0 قنوات
Get PRO
أبريل '23
+147
في 0 قنوات
Get PRO
مارس '23
+174
في 0 قنوات
Get PRO
فبراير '23
+108
في 0 قنوات
Get PRO
يناير '23
+107
في 0 قنوات
Get PRO
ديسمبر '22
+102
في 0 قنوات
Get PRO
نوفمبر '22
+152
في 0 قنوات
Get PRO
أكتوبر '22
+74
في 0 قنوات
Get PRO
سبتمبر '22
+97
في 0 قنوات
Get PRO
أغسطس '22
+142
في 0 قنوات
Get PRO
يوليو '22
+93
في 0 قنوات
Get PRO
يونيو '22
+109
في 0 قنوات
Get PRO
مايو '22
+194
في 0 قنوات
Get PRO
أبريل '22
+94
في 0 قنوات
Get PRO
مارس '22
+153
في 0 قنوات
Get PRO
فبراير '22
+155
في 0 قنوات
Get PRO
يناير '22
+160
في 0 قنوات
Get PRO
ديسمبر '21
+203
في 0 قنوات
Get PRO
نوفمبر '21
+47
في 0 قنوات
Get PRO
أكتوبر '21
+76
في 0 قنوات
Get PRO
سبتمبر '21
+88
في 0 قنوات
Get PRO
أغسطس '21
+339
في 0 قنوات
Get PRO
يوليو '21
+92
في 0 قنوات
Get PRO
يونيو '21
+5
في 0 قنوات
Get PRO
مايو '21
+24
في 0 قنوات
Get PRO
أبريل '21
+18
في 0 قنوات
Get PRO
مارس '21
+37
في 0 قنوات
Get PRO
فبراير '21
+101
في 0 قنوات
Get PRO
يناير '21
+324
في 0 قنوات
| التاريخ | نمو المشتركين | الإشارات | القنوات | |
| 10 يونيو | +11 | |||
| 09 يونيو | +18 | |||
| 08 يونيو | +23 | |||
| 07 يونيو | +15 | |||
| 06 يونيو | +6 | |||
| 05 يونيو | +15 | |||
| 04 يونيو | +35 | |||
| 03 يونيو | +14 | |||
| 02 يونيو | +7 | |||
| 01 يونيو | +11 |
منشورات القناة
🚨 CVE-2026-46149
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
target_tg_pt_gp_members_show() formats LUN paths with snprintf() into a
256-byte stack buffer, then will memcpy() cur_len bytes from that
buffer. snprintf() returns the length the output would have had, which
can exceed the buffer size when the fabric WWN is long because iSCSI IQN
names can be up to 223 bytes. The check at the memcpy() site only
guards the destination page write, not the source read, so memcpy() will
read past the stack buffer and copy adjacent stack contents to the sysfs
reader, which when CONFIG_FORTIFY_SOURCE is enabled, fortify_panic()
will be triggered.
Commit 27e06650a5ea ("scsi: target: target_core_configfs: Add length
check to avoid buffer overflow") added the same bound to the
target_lu_gp_members_show() but the tg_pt_gp variant was missed so
resolve that here.
🎖@cveNotify
| 2 | 🚨 CVE-2026-46148
In the Linux kernel, the following vulnerability has been resolved:
spi: microchip-core-qspi: control built-in cs manually
The coreQSPI IP supports only a single chip select, which is
automagically operated by the hardware - set low when the transmit
buffer first gets written to and set high when the number of bytes
written to the TOTALBYTES field of the FRAMES register have been sent on
the bus. Additional devices must use GPIOs for their chip selects.
It was reported to me that if there are two devices attached to this
QSPI controller that the in-built chip select is set low while linux
tries to access the device attached to the GPIO.
This went undetected as the boards that connected multiple devices to
the SPI controller all exclusively used GPIOs for chip selects, not
relying on the built-in chip select at all. It turns out that this was
because the built-in chip select, when controlled automagically, is set
low when active and high when inactive, thereby ruling out its use for
active-high devices or devices that need to transmit with the chip
select disabled.
Modify the driver so that it controls chip select directly, retaining
the behaviour for mem_ops of setting the chip select active for the
entire duration of the transfer in the exec_op callback. For regular
transfers, implement the set_cs callback for the core to use.
As part of this, the existing setup callback, mchp_coreqspi_setup_op(),
is removed. Modifying the CLKIDLE field is not safe to do during
operation when there are multiple devices, so this code is removed
entirely. Setting the MASTER and ENABLE fields is something that can be
done once at probe, it doesn't need to be re-run for each device.
Instead the new setup callback sets the built-in chip select to its
inactive state for active-low devices, as the reset value of the chip
select in software controlled mode is low.
🎖@cveNotify | 11 |
| 3 | 🚨 CVE-2026-46147
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Two bugs exist in the vCPU initialisation path:
1. If a check fails after hyp_pin_shared_mem() succeeds, the cleanup
path jumps to 'unlock' without calling unpin_host_vcpu() or
unpin_host_sve_state(), permanently leaking pin references on the
host vCPU and SVE state pages.
Extract a register_hyp_vcpu() helper that performs the checks and
the store. When register_hyp_vcpu() returns an error, call
unpin_host_vcpu() and unpin_host_sve_state() inline before falling
through to the existing 'unlock' label.
2. register_hyp_vcpu() publishes the new vCPU pointer into
'hyp_vm->vcpus[]' with a bare store, allowing a concurrent caller
of pkvm_load_hyp_vcpu() to observe a partially initialised vCPU
object.
Ensure the store uses smp_store_release() and the load uses
smp_load_acquire(). While 'vm_table_lock' currently serialises the
store and the load, these barriers ensure the reader sees the fully
initialised 'hyp_vcpu' object even if there were a lockless path or
if the lock's own ordering guarantees were insufficient for nested
object initialization.
🎖@cveNotify | 8 |
| 4 | 🚨 CVE-2026-46146
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
The convert_chmap_v3() has a loop with its increment size of
cs_desc->wLength, but we forgot to validate cs_desc->wLength itself,
which may lead to potential endless loop by a malformed descriptor.
Add a proper size check to abort the loop for plugging the hole.
🎖@cveNotify | 9 |
| 5 | 🚨 CVE-2026-46145
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Validate rx_hash_key_len
Sashiko points out that rx_hash_key_len comes from a uAPI structure and is
blindly passed to memcpy, allowing the userspace to trash kernel
memory. Bounds check it so the memcpy cannot overflow.
🎖@cveNotify | 8 |
| 6 | 🚨 CVE-2026-46144
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Sashiko points out that mana_ib_cfg_vport_steering() is leaked, the normal
destroy path cleans it up.
🎖@cveNotify | 8 |
| 7 | 🚨 CVE-2026-44505
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record via dht_verifier.verify(&record.record). On verifier error, handle_dht_get logs and returns early without completing the oneshot used by Network::dht_get, and without cleaning up per-query bookkeeping. Later query progress can hit the "DHT inconsistent state" path and also return without cleanup. Because Network::dht_get awaits the oneshot without a timeout, the caller future can hang indefinitely. This issue has been patched in version 1.4.0.
🎖@cveNotify | 31 |
| 8 | 🚨 CVE-2026-44963
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
🎖@cveNotify | 26 |
| 9 | 🚨 CVE-2026-47636
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
🎖@cveNotify | 20 |
| 10 | 🚨 CVE-2026-47634
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
🎖@cveNotify | 21 |
| 11 | 🚨 CVE-2026-47291
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
🎖@cveNotify | 16 |
| 12 | 🚨 CVE-2026-47288
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
🎖@cveNotify | 14 |
| 13 | 🚨 CVE-2026-45658
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
🎖@cveNotify | 11 |
| 14 | 🚨 CVE-2026-45657
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
🎖@cveNotify | 10 |
| 15 | 🚨 CVE-2026-45656
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
🎖@cveNotify | 9 |
| 16 | 🚨 CVE-2026-45779
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually.
🎖@cveNotify | 9 |
| 17 | 🚨 CVE-2026-45778
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in the victim's browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
🎖@cveNotify | 7 |
| 18 | 🚨 CVE-2026-45777
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
🎖@cveNotify | 10 |
| 19 | 🚨 CVE-2026-46241
In the Linux kernel, the following vulnerability has been resolved:
spi: mpc52xx: fix use-after-free on registration failure
Make sure to disable and free the interrupts in case controller
registration fails to avoid a potential use-after-free and resource
leak.
This issue was flagged by Sashiko when reviewing a controller
deregistration fix.
🎖@cveNotify | 8 |
| 20 | 🚨 CVE-2026-46240
In the Linux kernel, the following vulnerability has been resolved:
media: iris: Fix use-after-free in iris_release_internal_buffers()
The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy
internal buffers after FW releases") introduced a regression where
session_release_buf() may free the buffer. The caller,
iris_release_internal_buffers(), continued to access `buffer` after the
call, leading to a potential use-after-free.
Fix this by setting BUF_ATTR_PENDING_RELEASE before calling
session_release_buf(), and reverting the flag if the call fails. This
ensures no dereference occurs after potential freeing.
🎖@cveNotify | 10 |
