
CVE Notify

📈 CVE Notify Telegram channel analysis

The CVE Notify channel (@cvenotify) is an active player in the English-language segment. The community currently has 19 014 subscribers and ranks 7 027 in the Technology & Apps category and 2 051 in the United States of America region.

📊 Audience metrics and dynamics

Since its creation on an unknown date, the project has grown rapidly and attracted 19 014 subscribers.

According to the latest data, as of June 25, 2026, the channel shows steady activity. Over the past 30 days the change in members was 351, and over the past 24 hours it was 0, while broad reach has been maintained.

  • Verification status: not verified
  • Engagement rate (ER): average audience engagement is 0.21%, and in the first 24 hours after publication content typically earns 0.12% reactions relative to total subscribers.
  • Post reach: each post receives 40 views on average. On the first day it typically collects 23 views.
  • Reactions and engagement: the audience actively supports the channel; the average number of reactions per post is 1.
  • Topical interests: content focuses on key topics such as cve-2026, attack, input, validation, manipulation.

📝 Description and content policy

The author describes this space as a place for expressing personal views:
Alert on the latest CVEs Partner channel: @malwr

Thanks to frequent updates (latest data as of June 26, 2026), the channel is always up to date and has high reach. Analytics show that the audience actively engages with the content, making it an important point of influence in the Technology & Apps category.

19 014 subscribers
24 hours: no data
7 days: +52
30 days: +351

Subscriber acquisition
June '26: +314, in 0 channels
May '26: +531, in 2 channels
April '26: +278, in 1 channels
March '26: +266, in 3 channels
February '26: +423, in 1 channels
January '26: +436, in 1 channels
December '25: +713, in 3 channels
November '25: +453, in 1 channels
October '25: +320, in 1 channels
September '25: +190, in 0 channels
August '25: +198, in 0 channels
July '25: +280, in 0 channels
June '25: +178, in 0 channels
May '25: +207, in 0 channels
April '25: +262, in 0 channels
March '25: +207, in 0 channels
February '25: +179, in 0 channels
January '25: +214, in 3 channels
December '24: +299, in 0 channels
November '24: +831, in 1 channels
October '24: +997, in 2 channels
September '24: +1 432, in 1 channels
August '24: +1 728, in 3 channels
July '24: +1 253, in 2 channels
June '24: +1 168, in 2 channels
May '24: +1 342, in 0 channels
April '24: +1 457, in 1 channels
March '24: +1 255, in 2 channels
February '24: +845, in 1 channels
January '24: +462, in 1 channels
December '23: +451, in 1 channels
November '23: +140, in 1 channels
October '23: +194, in 0 channels
September '23: +174, in 0 channels
August '23: +179, in 0 channels
July '23: +114, in 0 channels
June '23: +136, in 0 channels
May '23: +108, in 0 channels
April '23: +147, in 0 channels
March '23: +174, in 0 channels
February '23: +108, in 0 channels
January '23: +107, in 0 channels
December '22: +102, in 0 channels
November '22: +152, in 0 channels
October '22: +74, in 0 channels
September '22: +97, in 0 channels
August '22: +142, in 0 channels
July '22: +93, in 0 channels
June '22: +109, in 0 channels
May '22: +194, in 0 channels
April '22: +94, in 0 channels
March '22: +153, in 0 channels
February '22: +155, in 0 channels
January '22: +160, in 0 channels
December '21: +203, in 0 channels
November '21: +47, in 0 channels
October '21: +76, in 0 channels
September '21: +88, in 0 channels
August '21: +339, in 0 channels
July '21: +92, in 0 channels
June '21: +5, in 0 channels
May '21: +24, in 0 channels
April '21: +18, in 0 channels
March '21: +37, in 0 channels
February '21: +101, in 0 channels
January '21: +324, in 0 channels

Date | Subscriber growth | Mentions | Channels
24 June | +8
23 June | +12
22 June | +15
21 June | +7
20 June | +10
19 June | +10
18 June | +2
17 June | +6
16 June | +4
15 June | +26
14 June | +14
13 June | +13
12 June | +17
11 June | +15
10 June | +11
09 June | +18
08 June | +23
07 June | +15
06 June | +6
05 June | +15
04 June | +35
03 June | +14
02 June | +7
01 June | +11

Channel posts

🚨 CVE-2026-8330 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint. 🎖@cveNotify

🚨 CVE-2026-5952 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite protected Maven package metadata due to incorrect authorization checks. 🎖@cveNotify
🚨 CVE-2026-3176 GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization checks. 🎖@cveNotify
🚨 CVE-2026-2238 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorization checks. 🎖@cveNotify
🚨 CVE-2026-1606 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation. 🎖@cveNotify
🚨 CVE-2026-12635 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through mirror synchronization due to improper URL validation. 🎖@cveNotify
🚨 CVE-2026-12053 GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows. 🎖@cveNotify
🚨 CVE-2026-11379 GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions. 🎖@cveNotify
🚨 CVE-2026-10712 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions. 🎖@cveNotify
🚨 CVE-2026-10086 GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of another user's session, due to improper sanitization of user-supplied input. 🎖@cveNotify
🚨 CVE-2026-0934 GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configurations despite CI/CD visibility being disabled for the project. 🎖@cveNotify
🚨 CVE-2026-53765 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, the chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync() to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDG_RUNTIME_DIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-<uid>/daemon.pid. Because the write does not use O_NOFOLLOW, a local low-privilege user on the same POSIX host can pre-create /tmp/chrome-devtools-mcp-<victim_uid>/daemon.pid as a symlink to a file writable by the victim. When the victim later starts daemon mode, fs.writeFileSync() follows the symlink and truncates the target file to the daemon PID string. This vulnerability is fixed in 1.1.0. 🎖@cveNotify
🚨 CVE-2020-9695 Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
🚨 CVE-2026-45845 In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTM_DELQDISC, taprio_graft() is called with new == NULL and stores NULL into q->qdiscs[cl - 1]. Subsequent RTM_GETTCLASS dump operations walk all classes via taprio_walk() and call taprio_dump_class(), which calls taprio_leaf() returning the NULL pointer, then dereferences it to read child->handle, causing a kernel NULL pointer dereference. The bug is reachable with namespace-scoped CAP_NET_ADMIN on any kernel with CONFIG_NET_SCH_TAPRIO enabled. On systems with unprivileged user namespaces enabled, an unprivileged local user can trigger a kernel panic by creating a taprio qdisc inside a new network namespace, grafting an explicit child qdisc, deleting it, and requesting a class dump. The RTM_GETTCLASS dump itself requires no capability. Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] RIP: 0010:taprio_dump_class (net/sched/sch_taprio.c:2478) Call Trace: <TASK> tc_fill_tclass (net/sched/sch_api.c:1966) qdisc_class_dump (net/sched/sch_api.c:2326) taprio_walk (net/sched/sch_taprio.c:2514) tc_dump_tclass_qdisc (net/sched/sch_api.c:2352) tc_dump_tclass_root (net/sched/sch_api.c:2370) tc_dump_tclass (net/sched/sch_api.c:2431) rtnl_dumpit (net/core/rtnetlink.c:6864) netlink_dump (net/netlink/af_netlink.c:2325) rtnetlink_rcv_msg (net/core/rtnetlink.c:6959) netlink_rcv_skb (net/netlink/af_netlink.c:2550) </TASK> Fix this by substituting &noop_qdisc when new is NULL in taprio_graft(), a common pattern used by other qdiscs (e.g., multiq_graft()) to ensure the q->qdiscs[] slots are never NULL. This makes control-plane dump paths safe without requiring individual NULL checks. 
Since the data-plane paths (taprio_enqueue and taprio_dequeue_from_txq) previously had explicit NULL guards that would drop/skip the packet cleanly, update those checks to test for &noop_qdisc instead. Without this, packets would reach taprio_enqueue_one() which increments the root qdisc's qlen and backlog before calling the child's enqueue; noop_qdisc drops the packet but those counters are never rolled back, permanently inflating the root qdisc's statistics. After this change *old can be a valid qdisc, NULL, or &noop_qdisc. Only call qdisc_put(*old) in the first case to avoid decreasing noop_qdisc's refcount, which was never increased. 🎖@cveNotify
🚨 CVE-2026-45844 In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arp_packet_match() unconditionally parses the ARP payload assuming two hardware addresses are present (source and target). However, IPv4-over-IEEE1394 ARP (RFC 2734) omits the target hardware address field, and arp_hdr_len() already accounts for this by returning a shorter length for ARPHRD_IEEE1394 devices. As a result, on IEEE1394 interfaces arp_packet_match() advances past a nonexistent target hardware address and reads the wrong bytes for both the target device address comparison and the target IP address. This causes arptables rules to match against garbage data, leading to incorrect filtering decisions: packets that should be accepted may be dropped and vice versa. The ARP stack in net/ipv4/arp.c (arp_create and arp_process) already handles this correctly by skipping the target hardware address for ARPHRD_IEEE1394. Apply the same pattern to arp_packet_match()." Mangle the original patch to always return 0 (no match) in case user matches on the target hardware address which is never present in IEEE1394. Note that this returns 0 (no match) for either normal and inverse match because matching in the target hardware address in ARPHRD_IEEE1394 has never been supported by arptables. This is intentional, matching on the target hardware address should never evaluate true for ARPHRD_IEEE1394. Moreover, adjust arpt_mangle to drop the packet too as AI suggests: In arpt_mangle, the logic assumes a standard ARP layout. Because IEEE1394 (FireWire) omits the target hardware address, the linear pointer arithmetic miscalculates the offset for the target IP address. This causes mangling operations to write to the wrong location, leading to packet corruption. 
To ensure safety, this patch drops packets (NF_DROP) when mangling is requested for these fields on IEEE1394 devices, as the current implementation cannot correctly map the FireWire ARP payload. This omits both mangling target hardware and IP address. Even if IP address mangling should be possible in IEEE1394, this would require to adjust arpt_mangle offset calculation, which has never been supported. Based on patch from Weiming Shi <bestswngs@gmail.com>. 🎖@cveNotify
🚨 CVE-2026-45843 In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing a pointer through the packet via decode() and pull16(). Neither helper bounds-checks against isize, and decode() masks its return with & 0xffff so it can never return the -1 that callers test for -- those error paths are dead code. A short compressed frame whose change byte requests optional fields lets decode() read past the end of the packet. The over-read bytes are folded into the cached cstate and reflected into subsequent reconstructed packets. Make decode() and pull16() take the packet end pointer and return -1 when exhausted. Add a bounds check before the TCP-checksum read. The existing == -1 tests now do what they were always meant to. 🎖@cveNotify
🚨 CVE-2026-45842 In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc_init() accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhc_init() is skipped, so comp->rstate stays NULL and comp->rslot_limit stays 0 (from the kzalloc of struct slcompress). The receive helpers do not defend against that configuration. slhc_uncompress() dereferences comp->rstate[x] when the VJ header carries an explicit connection ID, and slhc_remember() later assigns cs = &comp->rstate[...] after only comparing the packet's slot number to comp->rslot_limit. Because rslot_limit is 0, slot 0 passes the range check, and the code dereferences a NULL rstate. The configuration is reachable in-tree through PPP. PPPIOCSMAXCID stores its argument in a signed int, and (val >> 16) uses arithmetic shift. Passing 0xffff0000 therefore sign-extends to -1, so val2 + 1 is 0 and ppp_generic.c ends up calling slhc_init(0, 1). Because /dev/ppp open is gated by ns_capable(CAP_NET_ADMIN), the whole path is reachable from an unprivileged user namespace. 
Once the malformed VJ state is installed, any inbound VJ-compressed or VJ-uncompressed frame that selects slot 0 crashes the kernel in softirq context: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:slhc_uncompress (drivers/net/slip/slhc.c:519) Call Trace: <TASK> ppp_receive_nonmp_frame (drivers/net/ppp/ppp_generic.c:2466) ppp_input (drivers/net/ppp/ppp_generic.c:2359) ppp_async_process (drivers/net/ppp/ppp_async.c:492) tasklet_action_common (kernel/softirq.c:926) handle_softirqs (kernel/softirq.c:623) run_ksoftirqd (kernel/softirq.c:1055) smpboot_thread_fn (kernel/smpboot.c:160) kthread (kernel/kthread.c:436) ret_from_fork (arch/x86/kernel/process.c:164) </TASK> Reject the receive side on such instances instead of touching rstate. slhc_uncompress() falls through to its existing 'bad' label, which bumps sls_i_error and enters the toss state. slhc_remember() mirrors that with an explicit sls_i_error increment followed by slhc_toss(); the sls_i_runt counter is not used here because a missing rstate is an internal configuration state, not a runt packet. The transmit path is unaffected: the only in-tree caller that picks rslots from userspace (ppp_generic.c) still supplies tslots >= 1, and slip.c always calls slhc_init(16, 16), so comp->tstate remains valid and slhc_compress() continues to work. 🎖@cveNotify
🚨 CVE-2026-42258 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4. 🎖@cveNotify
🚨 CVE-2018-1259 Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system. 🎖@cveNotify
🚨 CVE-2018-1274 Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption). 🎖@cveNotify