CVE Notify
📈 Analytics overview of the Telegram channel CVE Notify
The channel CVE Notify (@cvenotify) is an active participant in the English-language track. The community currently has 18 824 subscribers, ranking 7 151 in the Technology & Applications category and 2 100 in the United States region.
📊 Audience metrics and growth dynamics
Since its creation (date unknown), the project has grown rapidly and attracted 18 824 subscribers.
According to the latest data, as of 07 June 2026, the channel is operating steadily. The subscriber count changed by 446 over the past 30 days and by 15 over the past 24 hours; overall reach remains considerable.
- Verification status: not verified
- Engagement rate (ER): the average audience engagement rate is 0.54%. Within 24 hours of publication a post typically draws reactions from 0.40% of the subscriber base.
- Post reach: each post averages 101 views, typically accumulating 76 views on the first day.
- Interaction and feedback: the audience participates actively, with an average of 1 reaction per post.
- Topical focus: content centres on core topics such as cve-2026, attack, input, validation, manipulation.
📝 Description and content strategy
The author positions the channel as a platform for expressing a personal viewpoint:
“Alert on the latest CVEs
Partner channel: @malwr”
With high-frequency updates (latest data collected 08 June 2026), the channel stays fresh and maintains high coverage. Analysis shows an actively engaged audience, making it a key point of influence in the Technology & Applications category.
Subscribers: 18 824 (+15 in 24 hours, +103 in 7 days, +446 in 30 days)
Subscriber acquisition

| Month | Subscribers gained | Mentioned in channels |
|---|---|---|
| June '26 | +111 | 0 |
| May '26 | +531 | 2 |
| April '26 | +278 | 1 |
| March '26 | +266 | 2 |
| February '26 | +423 | 1 |
| January '26 | +436 | 1 |
| December '25 | +713 | 3 |
| November '25 | +453 | 1 |
| October '25 | +320 | 1 |
| September '25 | +190 | 0 |
| August '25 | +198 | 0 |
| July '25 | +280 | 0 |
| June '25 | +178 | 0 |
| May '25 | +207 | 0 |
| April '25 | +262 | 0 |
| March '25 | +207 | 0 |
| February '25 | +179 | 0 |
| January '25 | +214 | 3 |
| December '24 | +299 | 0 |
| November '24 | +831 | 1 |
| October '24 | +997 | 2 |
| September '24 | +1 432 | 1 |
| August '24 | +1 728 | 3 |
| July '24 | +1 253 | 2 |
| June '24 | +1 168 | 2 |
| May '24 | +1 342 | 0 |
| April '24 | +1 457 | 1 |
| March '24 | +1 255 | 2 |
| February '24 | +845 | 1 |
| January '24 | +462 | 1 |
| December '23 | +451 | 1 |
| November '23 | +140 | 1 |
| October '23 | +194 | 0 |
| September '23 | +174 | 0 |
| August '23 | +179 | 0 |
| July '23 | +114 | 0 |
| June '23 | +136 | 0 |
| May '23 | +108 | 0 |
| April '23 | +147 | 0 |
| March '23 | +174 | 0 |
| February '23 | +108 | 0 |
| January '23 | +107 | 0 |
| December '22 | +102 | 0 |
| November '22 | +152 | 0 |
| October '22 | +74 | 0 |
| September '22 | +97 | 0 |
| August '22 | +142 | 0 |
| July '22 | +93 | 0 |
| June '22 | +109 | 0 |
| May '22 | +194 | 0 |
| April '22 | +94 | 0 |
| March '22 | +153 | 0 |
| February '22 | +155 | 0 |
| January '22 | +160 | 0 |
| December '21 | +203 | 0 |
| November '21 | +47 | 0 |
| October '21 | +76 | 0 |
| September '21 | +88 | 0 |
| August '21 | +339 | 0 |
| July '21 | +92 | 0 |
| June '21 | +5 | 0 |
| May '21 | +24 | 0 |
| April '21 | +18 | 0 |
| March '21 | +37 | 0 |
| February '21 | +101 | 0 |
| January '21 | +324 | 0 |
| Date | Subscriber growth | Mentions | Channels |
|---|---|---|---|
| 08 June | +8 | | |
| 07 June | +15 | | |
| 06 June | +6 | | |
| 05 June | +15 | | |
| 04 June | +35 | | |
| 03 June | +14 | | |
| 02 June | +7 | | |
| 01 June | +11 | | |
Channel posts
| 1 | 🚨 CVE-2026-45300
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak `Cookie` headers to cross-origin redirect targets. When following a redirect to a different origin, the `propagatedHeaders()` method in `Redirect30xInterceptor.java` strips `Authorization` and `Proxy-Authorization` headers but does not strip the `Cookie` header, causing session cookies and other sensitive cookie values to be sent to attacker-controlled servers. Versions 2.15.0 and 3.0.10 patch the issue.
🎖@cveNotify
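The post above describes a redirect handler that drops `Authorization` and `Proxy-Authorization` on a cross-origin redirect but forgets `Cookie`. The following Python is an added illustration written for this page, not code from AsyncHttpClient or the advisory: it models the header-propagation decision on its own, with the pre-fix behaviour beside the hardened form, and a small simulated redirect chain (the URLs, the `responses` table and the function names are constructed for the example).

```python
from urllib.parse import urlsplit

# Credential-bearing request headers that must never be forwarded to a different origin.
CREDENTIAL_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})

# The pre-fix set described in the post: Cookie is missing.
PRE_FIX_STRIPPED = frozenset({"authorization", "proxy-authorization"})


def origin(url: str) -> tuple[str, str, int]:
    """Return the (scheme, host, port) triple that defines a web origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or (443 if scheme == "https" else 80)
    return scheme, host, port


def same_origin(a: str, b: str) -> bool:
    return origin(a) == origin(b)


def _propagate(headers: dict, request_url: str, redirect_url: str, stripped: frozenset) -> dict:
    # Same origin: every header, including credentials, may follow the redirect.
    if same_origin(request_url, redirect_url):
        return dict(headers)
    # Cross-origin: drop whatever the policy lists (header names are case-insensitive).
    return {k: v for k, v in headers.items() if k.lower() not in stripped}


def propagated_headers_vulnerable(headers: dict, request_url: str, redirect_url: str) -> dict:
    """Mirrors the behaviour the advisory describes: Cookie survives a cross-origin redirect."""
    return _propagate(headers, request_url, redirect_url, PRE_FIX_STRIPPED)


def propagated_headers(headers: dict, request_url: str, redirect_url: str) -> dict:
    """Hardened version: all credential-bearing headers are removed on an origin change."""
    return _propagate(headers, request_url, redirect_url, CREDENTIAL_HEADERS)


def follow_redirects(start_url: str, headers: dict, responses: dict, policy, max_hops: int = 5):
    """Walk a simulated redirect chain.

    `responses` maps a URL to (status, location); any URL not in it is a 200 final answer.
    Returns (final_url, headers_sent_to_final_url). Constructed for the example; a real
    client would issue the requests instead of looking them up."""
    url, sent = start_url, dict(headers)
    for _ in range(max_hops):
        status, location = responses.get(url, (200, None))
        if status not in (301, 302, 303, 307, 308) or location is None:
            return url, sent
        sent = policy(sent, url, location)
        url = location
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    # Constructed sample: an app redirects a logged-in user to a third-party host.
    hdrs = {"Cookie": "session=abc123", "Authorization": "Bearer tok", "Accept": "*/*"}
    chain = {"https://app.example/login": (302, "https://cdn.example/landing")}
    _, leaked = follow_redirects("https://app.example/login", hdrs, chain, propagated_headers_vulnerable)
    _, safe = follow_redirects("https://app.example/login", hdrs, chain, propagated_headers)
    print("pre-fix sends:", sorted(leaked))   # Cookie crosses the origin boundary
    print("hardened sends:", sorted(safe))    # only Accept remains
```

The deny-list here is the minimum the advisory calls for; a client library may additionally choose to drop any custom header it treats as a credential, and the same-origin test compares scheme, host and port together so that an `http` to `https` hop on the same host is still treated as a different origin.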
| 2 | 🚨 CVE-2026-11022
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify | 39 |
| 3 | 🚨 CVE-2026-11016
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify | 63 |
| 4 | 🚨 CVE-2026-11014
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: Medium)
🎖@cveNotify | 60 |
| 5 | 🚨 CVE-2026-11011
Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify | 51 |
| 6 | 🚨 CVE-2026-11008
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify | 33 |
| 7 | 🚨 CVE-2026-11007
Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify | 26 |
| 8 | 🚨 CVE-2026-42271
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.
🎖@cveNotify | 26 |
| 9 | 🚨 CVE-2026-11308
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
🎖@cveNotify | 35 |
| 10 | 🚨 CVE-2026-11307
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
🎖@cveNotify | 34 |
| 11 | 🚨 CVE-2026-11306
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
🎖@cveNotify | 28 |
| 12 | 🚨 CVE-2026-11305
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
🎖@cveNotify | 26 |
| 13 | 🚨 CVE-2026-11304
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)
🎖@cveNotify | 25 |
| 14 | 🚨 CVE-2026-11303
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
🎖@cveNotify | 24 |
| 15 | 🚨 CVE-2026-35076
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
🎖@cveNotify | 52 |
| 16 | 🚨 CVE-2026-35075
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
🎖@cveNotify | 50 |
| 17 | 🚨 CVE-2026-41704
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through format_exception (lines 308-325), which reads exception['blobstore_id'] and also calls download_and_delete_blob. That helper (lines 344-349) calls ResourceManager#get_resource(blob_id) and, in an ensure block, ResourceManager#delete_resource(blob_id). ResourceManager (resource_manager.rb:62-70) calls blobstore.delete(id) on the single shared Director blobstore with no UUID-format check, no ownership check, and no namespace prefix.
Affected versions:
BOSH Director: All versions prior to v282.1.12
🎖@cveNotify | 48 |
| 18 | 🚨 CVE-2026-41009
When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_log_id'] and format_exception (line 318-325) reads exception['blobstore_id']; both pass the agent-supplied string unmodified to download_and_delete_blob(blob_id) (line 344-349), which calls @resource_manager.get_resource(blob_id) and, in an ensure block, @resource_manager.delete_resource(blob_id). Api::ResourceManager forwards the id straight to blobstore.get(id) / blobstore.delete(id). When the director is configured with the local blobstore provider, Blobstore::LocalClient#object_file_path(oid) is File.join(@blobstore_path, oid) (local_client.rb:54-56) with no normalisation, so oid = "../../jobs/director/config/director.yml" resolves outside the blobstore root.
Affected versions:
BOSH Director: All versions prior to v282.1.12
🎖@cveNotify | 28 |
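The two BOSH Director posts above share one root cause: an agent-supplied blob id reaches `blobstore.get` / `blobstore.delete` with no UUID-format check and, for the local provider, is joined onto the blobstore path without normalisation. The Python below is an added example for this page, not code from BOSH or the advisory: it shows the unchecked join beside a validator that enforces both a UUID format and containment within the blobstore root. The root path, the function names and the sample ids other than the `../../jobs/director/config/director.yml` value quoted in the post are constructed for the example.

```python
import posixpath
import re

# Blob ids issued by the Director are expected to be UUIDs; anything else is rejected
# before it can reach the blobstore (format check).
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def object_file_path_unchecked(root: str, oid: str) -> str:
    """Plain join with no normalisation, as the advisory describes for the local provider."""
    return posixpath.join(root, oid)


def escapes_root(root: str, candidate: str) -> bool:
    """True when the normalised candidate path lies outside the blobstore root."""
    root_norm = posixpath.normpath(root)
    cand_norm = posixpath.normpath(candidate)
    try:
        return posixpath.commonpath([root_norm, cand_norm]) != root_norm
    except ValueError:
        # commonpath raises when one path is absolute and the other relative.
        return True


def safe_object_file_path(root: str, oid: str) -> str:
    """Hardened resolution: reject non-UUID ids, then re-check containment (defence in depth)."""
    if not UUID_RE.fullmatch(oid):
        raise ValueError(f"blob id is not a UUID: {oid!r}")
    candidate = posixpath.join(root, oid)
    if escapes_root(root, candidate):
        raise ValueError(f"blob id resolves outside the blobstore root: {oid!r}")
    return posixpath.normpath(candidate)


def classify_blob_ids(root: str, ids: list[str]) -> dict[str, str]:
    """Label each id 'ok' or 'rejected' under the hardened rule; handy for log review."""
    result = {}
    for oid in ids:
        try:
            safe_object_file_path(root, oid)
            result[oid] = "ok"
        except ValueError:
            result[oid] = "rejected"
    return result


if __name__ == "__main__":
    # Constructed root; the traversal id is the one quoted in the advisory.
    root = "/var/vcap/store/director/blobs"
    ids = [
        "0f8c2d5e-4b6a-4e1d-9c3f-1a2b3c4d5e6f",       # well-formed UUID
        "../../jobs/director/config/director.yml",     # traversal
        "/etc/passwd",                                 # absolute path swallows the root on join
        "0F8C2D5E-4B6A-4E1D-9C3F-1A2B3C4D5E6F",       # upper-case: not the Director's format
    ]
    for oid, verdict in classify_blob_ids(root, ids).items():
        print(f"{verdict:8} unchecked={object_file_path_unchecked(root, oid)}")
```

Two checks are kept on purpose: the UUID match blocks every malformed id at the API boundary regardless of blobstore provider, while the containment check is the backstop for the local provider's file-path mapping should an id ever bypass the first test.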
| 19 | 🚨 CVE-2026-42009
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
🎖@cveNotify | 27 |
| 20 | 🚨 CVE-2026-4255
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories that may be writable by non-privileged users.

Because these directories can be modified by unprivileged users, an attacker can place a malicious DLL with the same name as a legitimate dependency in a directory that is searched before trusted system locations. When the application is executed, which is always with administrative privileges, the malicious DLL is loaded instead of the legitimate library.

The application does not enforce restrictions on DLL loading locations and does not verify the integrity or digital signature of loaded libraries. As a result, attacker-controlled code may be executed within the security context of the application, allowing arbitrary code execution with elevated privileges.

Successful exploitation requires that an attacker place a crafted malicious DLL in a user-writable directory that is included in the application's DLL search path and then cause the affected application to be executed. Once loaded, the malicious DLL runs with the same privileges as the application.

This issue affects TR-VISION HOME versions up to and including 2.0.5.
🎖@cveNotify | 34 |