
CVE Notify


Alert on the latest CVEs Partner channel: @malwr


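📈 Analytics overview of the Telegram channel CVE Notify

The channel CVE Notify (@cvenotify) is an active participant in the English-language segment. The community currently has 19 014 subscribers, ranks 7 013 in the Technology & Applications category, and ranks 2 046 in the United States region.

📊 Audience metrics and growth dynamics

Since its creation (date unknown), the project has maintained rapid growth, attracting 19 014 subscribers.

According to the latest data from 28 June 2026, the channel remains stable. The subscriber count changed by 321 over the past 30 days and by 0 over the past 24 hours; overall reach remains considerable.

  • Verification status: not verified
  • Engagement rate (ER): the average audience engagement rate is 0.17%. Within 24 hours of publication, content typically receives reactions from 0.14% of total subscribers.
  • Post reach: each post receives 33 views on average, typically accumulating 26 views on the first day.
  • Interaction and feedback: the audience participates actively; the average number of reactions per post is 1
  • Topic focus: content centers on core topics such as cve-2026, attack, input, validation, manipulation.

📝 Description and content strategy

The author positions the channel as a platform for expressing subjective opinions:
Alert on the latest CVEs Partner channel: @malwr

With frequent updates (latest data collected on 29 June 2026), the channel stays fresh and maintains high reach. Analysis shows that the audience interacts actively, making it a key point of influence in the Technology & Applications category.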

Subscribers attracted

Monthly subscriber growth:
June '26: +314 (in 0 channels)
May '26: +531 (in 2 channels)
April '26: +278 (in 1 channel)
March '26: +266 (in 3 channels)
February '26: +423 (in 1 channel)
January '26: +436 (in 1 channel)
December '25: +713 (in 3 channels)
November '25: +453 (in 1 channel)
October '25: +320 (in 1 channel)
September '25: +190 (in 0 channels)
August '25: +198 (in 0 channels)
July '25: +280 (in 0 channels)
June '25: +178 (in 0 channels)
May '25: +207 (in 0 channels)
April '25: +262 (in 0 channels)
March '25: +207 (in 0 channels)
February '25: +179 (in 0 channels)
January '25: +214 (in 3 channels)
December '24: +299 (in 0 channels)
November '24: +831 (in 1 channel)
October '24: +997 (in 2 channels)
September '24: +1 432 (in 1 channel)
August '24: +1 728 (in 3 channels)
July '24: +1 253 (in 2 channels)
June '24: +1 168 (in 2 channels)
May '24: +1 342 (in 0 channels)
April '24: +1 457 (in 1 channel)
March '24: +1 255 (in 2 channels)
February '24: +845 (in 1 channel)
January '24: +462 (in 1 channel)
December '23: +451 (in 1 channel)
November '23: +140 (in 1 channel)
October '23: +194 (in 0 channels)
September '23: +174 (in 0 channels)
August '23: +179 (in 0 channels)
July '23: +114 (in 0 channels)
June '23: +136 (in 0 channels)
May '23: +108 (in 0 channels)
April '23: +147 (in 0 channels)
March '23: +174 (in 0 channels)
February '23: +108 (in 0 channels)
January '23: +107 (in 0 channels)
December '22: +102 (in 0 channels)
November '22: +152 (in 0 channels)
October '22: +74 (in 0 channels)
September '22: +97 (in 0 channels)
August '22: +142 (in 0 channels)
July '22: +93 (in 0 channels)
June '22: +109 (in 0 channels)
May '22: +194 (in 0 channels)
April '22: +94 (in 0 channels)
March '22: +153 (in 0 channels)
February '22: +155 (in 0 channels)
January '22: +160 (in 0 channels)
December '21: +203 (in 0 channels)
November '21: +47 (in 0 channels)
October '21: +76 (in 0 channels)
September '21: +88 (in 0 channels)
August '21: +339 (in 0 channels)
July '21: +92 (in 0 channels)
June '21: +5 (in 0 channels)
May '21: +24 (in 0 channels)
April '21: +18 (in 0 channels)
March '21: +37 (in 0 channels)
February '21: +101 (in 0 channels)
January '21: +324 (in 0 channels)

Daily subscriber growth:
24 June: +8
23 June: +12
22 June: +15
21 June: +7
20 June: +10
19 June: +10
18 June: +2
17 June: +6
16 June: +4
15 June: +26
14 June: +14
13 June: +13
12 June: +17
11 June: +15
10 June: +11
09 June: +18
08 June: +23
07 June: +15
06 June: +6
05 June: +15
04 June: +35
03 June: +14
02 June: +7
01 June: +11

Channel posts
🚨 CVE-2026-58057 Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom MCP node can thereby inject NODE_OPTIONS --require and execute arbitrary code in the Flowise server context. 🎖@cveNotify

🚨 CVE-2026-58055 nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting ambiguous message in the attacker's favor enables HTTP request/response smuggling and cross-client response-queue poisoning. 🎖@cveNotify
🚨 CVE-2026-58052 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched and NTFS canonicalizes it to the same stream, overwriting the propagated Internet-zone marker with ZoneId=0. A second STM record named '::$DATA' overwrites the extracted file's default data stream, letting an attacker defeat SmartScreen/MotW warnings and spoof file content. 🎖@cveNotify
🚨 CVE-2026-56414 A vulnerability exists in H.View IP cameras: certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot. 🎖@cveNotify
🚨 CVE-2026-55975 A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation. 🎖@cveNotify
🚨 CVE-2026-33560 The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allow authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced, which allows executable binaries and scripts to be accepted and written directly to the server. 🎖@cveNotify
🚨 CVE-2026-31928 The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access. 🎖@cveNotify
🚨 CVE-2026-36908 A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. 🎖@cveNotify
🚨 CVE-2026-36907 A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. 🎖@cveNotify
🚨 CVE-2026-36478 An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components. 🎖@cveNotify
🚨 CVE-2026-39031 Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required. 🎖@cveNotify
🚨 CVE-2026-38641 An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library. 🎖@cveNotify
🚨 CVE-2026-38639 An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input. 🎖@cveNotify
🚨 CVE-2026-4339 Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests. Mattermost Advisory ID: MMSA-2026-00635 🎖@cveNotify
🚨 CVE-2026-3472 Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client. Mattermost Advisory ID: MMSA-2026-00619 🎖@cveNotify
🚨 CVE-2026-8658 OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction. 🎖@cveNotify
🚨 CVE-2026-8666 OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands. 🎖@cveNotify
🚨 CVE-2026-8665 OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction. 🎖@cveNotify
🚨 CVE-2026-8664 OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction. 🎖@cveNotify
🚨 CVE-2026-8660 OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands. 🎖@cveNotify