{"vulnerability": "cve-2026-25592", "sightings": [{"uuid": "3e312ca0-7b85-431d-aa98-44fb63fbfa6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mehy2qgikh2b", "content": "", "creation_timestamp": "2026-02-10T03:03:55.620538Z"}, {"uuid": "78307500-46d6-4472-91ac-80ab1d60713c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-25592", "type": "seen", "source": "https://bsky.app/profile/cyberlensai.bsky.social/post/3mfxqtnjn2t2f", "content": "", "creation_timestamp": "2026-03-01T03:02:29.049723Z"}, {"uuid": "25802404-9552-4182-9f04-4c6268c80604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tkaj2tn2r", "content": "", "creation_timestamp": "2026-02-06T21:21:48.283651Z"}, {"uuid": "3ac092f8-6c05-49ce-848a-9a1434ac76e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-25592", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116030060248069413", "content": "", "creation_timestamp": "2026-02-07T15:30:15.330249Z"}, {"uuid": "6ba36c1c-42ce-486a-afa6-f10f7cb1fc52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://gist.github.com/alon710/52261fea2d6335abf9dd90d11344bc38", "content": "", "creation_timestamp": "2026-02-09T08:10:05.000000Z"}, {"uuid": "deb737f4-a269-440a-b1eb-1f406a159cbb", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-25592", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mebqelw2me2u", "content": "", "creation_timestamp": "2026-02-07T15:30:16.822462Z"}, {"uuid": "beb60644-1525-4f1b-b71d-132b9548f7dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "published-proof-of-concept", "source": "https://t.me/poxek/5896", "content": "\u041b\u043e\u0432\u0438\u0442\u0435 \u0432\u043a\u0443\u0441\u043d\u044b\u0435 \u0431\u0430\u0433\u0438 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0438 \n#Microsoft #Gods #OpenSTAManager #Signal #CVE #RCE\n\n\u27a1\ufe0f SDK Microsoft Semantic Kernel (CVE-2026-25592, CVSS 10.0) \u2014 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 SessionsPythonPlugin \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f arbitrary file write \u0447\u0435\u0440\u0435\u0437 path traversal. 
\u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043c\u043e\u0436\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0431\u0435\u0437 \u0443\u0447\u0430\u0441\u0442\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440.\n\n\u27a1\ufe0f Gogs (CVE-2025-64175, CVSS 7.7) \u2014 self-hosted Git-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 Gogs (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 2FA) \u0441\u043b\u043e\u043c\u0430\u043d\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 recovery-\u043a\u043e\u0434\u0430 \u0432 UseRecoveryCode. \u041a\u043e\u0434 \u0438\u0449\u0435\u0442\u0441\u044f \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e \u043f\u043e \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u044f\u0437\u043a\u0438 \u043a \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0443. \u0417\u043d\u0430\u044f \u043b\u043e\u0433\u0438\u043d \u0438 \u043f\u0430\u0440\u043e\u043b\u044c \u0436\u0435\u0440\u0442\u0432\u044b, \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0432\u043e\u0439 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 recovery-\u043a\u043e\u0434, \u0447\u0442\u043e\u0431\u044b \u043e\u0431\u043e\u0439\u0442\u0438 2FA \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0447\u0443\u0436\u0443\u044e \u0443\u0447\u0435\u0442\u043a\u0443. 
PoC \u0442\u0440\u0438\u0432\u0438\u0430\u043b\u0435\u043d: \u0441\u043e\u0437\u0434\u0430\u0435\u0448\u044c \u0441\u0432\u043e\u0439 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u2192 \u0431\u0435\u0440\u0435\u0448\u044c \u043a\u043e\u0434 \u2192 \u043b\u043e\u0433\u0438\u043d\u0438\u0448\u044c\u0441\u044f \u043f\u043e\u0434 \u0436\u0435\u0440\u0442\u0432\u043e\u0439.\n\n\u27a1\ufe0f OpenSTAManager (CVE-2026-24417, CVSS 8.7) \u2014 time-based blind SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f \u0432 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u043c \u043f\u043e\u0438\u0441\u043a\u0435 /ajax_search.php, \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 term GET. \u0412\u0432\u043e\u0434 \u0432 LIKE-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\u0445 \u043d\u0435 \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u043e 10+ \u043c\u043e\u0434\u0443\u043b\u044f\u043c (\u0410\u0440\u0442\u0438\u043a\u0443\u043b\u044b, \u0417\u0430\u043a\u0430\u0437\u044b, \u0424\u0430\u043a\u0442\u0443\u0440\u044b, \u041a\u043e\u043d\u0442\u0440\u0430\u0433\u0435\u043d\u0442\u044b \u0438 \u0434\u0440.). 
\u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0442\u044f\u0433\u0438\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 SLEEP() \u0441 \u0430\u043c\u043f\u043b\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0438 (\u043f\u0430\u0440\u0430\u043b\u043b\u0435\u043b\u044c\u043d\u044b\u0439 \u0437\u0430\u043f\u0443\u0441\u043a \u043f\u043e \u043c\u043e\u0434\u0443\u043b\u044f\u043c \u2014 \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0430 \u00d785), \u0447\u0442\u043e\u0431\u044b \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f DoS \u0438 \u0443\u0442\u0435\u0447\u043a\u0438 \u0445\u044d\u0448\u0435\u0439 \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u0415\u0441\u0442\u044c PoC.\n\n\u27a1\ufe0f Signal (CVE-2026-23515, CVSS 9.9) \u2014 OS command injection \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u043b\u0435 navigation.datetime \u0432 WebSocket delta-\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u0445. \u0412\u0432\u043e\u0434 \u0438\u043d\u0442\u0435\u0440\u043f\u043e\u043b\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 sh -c \"command\" \u0431\u0435\u0437 \u0441\u0430\u043d\u0438\u0442\u0438\u0437\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 shell-\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442\u0441\u044f \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430. 
\u0415\u0441\u043b\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u2014 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0431\u0430\u0433\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u041f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u044e \u0434\u043e root \u043f\u0440\u0438 \u043f\u043b\u043e\u0445\u043e\u0439 sudo-\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438. \u0415\u0441\u0442\u044c PoC.\n\n\u27a1\ufe0f Microsoft Office (CVE-2026-21509, CVSS 7.8) \u2014 \u043e\u0431\u0445\u043e\u0434 OLE-\u0437\u0430\u0449\u0438\u0442 \u0447\u0435\u0440\u0435\u0437 reliance on untrusted inputs. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043e\u0437\u0434\u0430\u0435\u0442 weaponized RTF/Word-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u0438 \u0447\u0435\u0440\u0435\u0437 WebDAV + COM hijacking \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 malware. \u041e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 \u0444\u0430\u0439\u043b\u0430 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a RCE. \u0410\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f APT28 \u0432 targeted-\u0430\u0442\u0430\u043a\u0430\u0445. 
\u0415\u0441\u0442\u044c educational PoC \u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u0441\u044d\u043c\u043f\u043b\u043e\u0432 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-02-09T10:31:54.000000Z"}, {"uuid": "626c5a15-fdca-4a8c-882a-8694d5771e42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://t.me/poxek/5911", "content": "\u041b\u043e\u0432\u0438\u0442\u0435 \u0432\u043a\u0443\u0441\u043d\u044b\u0435 \u0431\u0430\u0433\u0438 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0438\n#GitLab #CVE #Apple #Apache #RCE #WordPress #Microsoft \n\n\u25aa\ufe0f GitLab CE/EE (CVE-2025-7659, CVSS 9.1) \u2014 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Web IDE. 
\u041d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 (\u043f\u0440\u0438 \u0443\u0447\u0430\u0441\u0442\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043a\u0440\u0430\u0436\u0435 \u0442\u043e\u043a\u0435\u043d\u043e\u0432 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u043c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u043c.\n\n\u25aa\ufe0f Apple macOS, iOS, iPadOS, visionOS (CVE-2026-20677, CVSS 9.0) \u2014 race condition \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0441\u044b\u043b\u043e\u043a, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c Shortcut. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0439 shortcut \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 sandbox-\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u043e\u043c \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435. 
\u0418\u043c\u043f\u0430\u043a\u0442 \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u0434\u0430\u043d\u043d\u044b\u043c \u0432\u043d\u0435 \u043e\u0436\u0438\u0434\u0430\u0435\u043c\u044b\u0445 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 sandbox.\n\n\u25aa\ufe0f Apache Avro Java SDK (CVE-2025-33042, CVSS 7.3) \u2014 code injection \u043f\u0440\u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 Java-\u043a\u043e\u0434\u0430 (specific records) \u0438\u0437 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 Avro-\u0441\u0445\u0435\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0437\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c \u043a\u043e\u0434\u043e\u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438. 
\u041f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 malicious-\u0441\u0445\u0435\u043c\u044b \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438\u043b\u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043a\u043b\u0430\u0441\u0441\u043e\u0432, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438\u043b\u0438 \u0443\u0442\u0435\u0447\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u25aa\ufe0fWordPress-\u043f\u043b\u0430\u0433\u0438\u043d WPvivid Backup & Migration (CVE-2026-1357, CVSS 9.8) \u2014 unauthenticated arbitrary file upload, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a RCE. \u0417\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u043e 0.9.123 \u2014 \u0431\u043e\u043b\u0435\u0435 900 \u0442\u044b\u0441\u044f\u0447 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a. 
\u0418\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 RSA-\u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0441\u0430\u043d\u0438\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0435\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 PHP-\u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0435 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 wpvivid_action=send_to_site. \u041f\u0440\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u043e\u043f\u0446\u0438\u0438 receive backup from another site \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. 
\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u043f\u043e\u043b\u043d\u0430\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u0430\u0439\u0442\u0430: \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u043a\u0440\u0430\u0436\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u0432.\n\n\u25aa\ufe0f SDK Microsoft Semantic Kernel (CVE-2026-25592, CVSS 9.9) \u2014 arbitrary file write \u0447\u0435\u0440\u0435\u0437 path traversal \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 SessionsPythonPlugin, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c \u0434\u043b\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u0438 \u043a\u043e\u0434\u0430 \u0432 AI-\u0430\u0433\u0435\u043d\u0442\u0430\u0445. 
\u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043c\u043e\u0436\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0431\u0435\u0437 \u0443\u0447\u0430\u0441\u0442\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440/\u0445\u043e\u0441\u0442, \u0433\u0434\u0435 \u0437\u0430\u043f\u0443\u0449\u0435\u043d Semantic Kernel .NET SDK, \u043f\u0443\u0442\u0435\u043c \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u043c localFilePath \u0432 \u043c\u0435\u0442\u043e\u0434\u0430\u0445 DownloadFileAsync \u0438\u043b\u0438 UploadFileAsync. 
\u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u0432 \u0440\u044f\u0434\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 \u0434\u043e\u0431\u0438\u0432\u0430\u0442\u044c\u0441\u044f RCE \u0438\u043b\u0438 \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0437\u0430\u0445\u0432\u0430\u0442\u0430 AI-\u0430\u0433\u0435\u043d\u0442\u0430.\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-02-16T07:16:25.000000Z"}, {"uuid": "74119259-e0c5-49cc-ba7b-9a52ad982f7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://bsky.app/profile/ai-nerd.bsky.social/post/3mll3rb2hyg2n", "content": "microsoft semantic kernel exposed DownloadFileAsync as a callable kernel function. any prompt injection could write files anywhere on the host.\n\npatched in 1.71.0. 
https://nvd.nist.gov/vuln/detail/CVE-2026-25592", "creation_timestamp": "2026-05-11T10:44:31.054922Z"}, {"uuid": "00018eba-4249-4e92-84c1-7a108fcdbb72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmxikgplyz2a", "content": "Top 3 CVE for last 7 days:\nCVE-2026-69: 19 interactions\nCVE-2026-26980: 17 interactions\nCVE-2026-46333: 17 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-35616: 10 interactions\nCVE-2026-25592: 7 interactions\nCVE-2026-26030: 7 interactions\n", "creation_timestamp": "2026-05-29T02:30:29.957793Z"}, {"uuid": "a6382c7c-dcca-4e9c-a17e-e8c1c9b21c18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116535698755654805", "content": "(microsoft.com) Critical Vulnerabilities in Microsoft Semantic Kernel: From Prompt Injection to Remote Code Execution\nCritical vulnerabilities in Microsoft Semantic Kernel (CVE-2026-25592, CVE-2026-26030) enable prompt injection to escalate to host-level RCE or arbitrary file writes, exposing systemic risks in AI agent frameworks.\nIn brief - Two CVEs in Microsoft Semantic Kernel demonstrate how prompt injection can bypass security boundaries, leading to RCE or file writes. Patched via responsible disclosure, but highlights urgent need for secure AI agent architectures.\nTechnically - CVE-2026-26030 exploits unsafe string interpolation in the In-Memory Vector Store\u2019s filter functionality, allowing `eval()`-based RCE via crafted prompts. CVE-2026-25592 abuses exposed `DownloadFileAsync` in the .NET SDK to write files to arbitrary locations, including Startup folders. Exploit chains involve AST traversal and sandbox escape. 
Mitigations: upgrade, AST allowlists, and tool exposure restrictions. Detection queries provided for post-exploitation activity.\nSource: https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/\n#Cybersecurity #ThreatIntel", "creation_timestamp": "2026-05-07T22:42:34.764960Z"}, {"uuid": "6ad49244-b58d-48d2-ba1f-c5263ba059cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mmvjwkyd662s", "content": "Microsoft \u304c\u81ea\u5206\u3067\u66f8\u3044\u305f\u2014\u2014\u300cWhen prompts become shells\u300d\u3002\n\nSemantic Kernel \u306b prompt injection \u2192 RCE \u304c2\u672c\u3002CVE-2026-25592(.NET)\u3001CVE-2026-26030(Python)\u3002Copilot \u306e\u88cf\u3067\u52d5\u304fAI\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u3060\u3002\u26a0\ufe0f\n\nhttps://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/", "creation_timestamp": "2026-05-28T07:49:51.016230Z"}, {"uuid": "f7d05b8d-7260-482c-aa84-4b1231da9950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mmvjwll2642x", "content": "2\u672c\u306e\u6bba\u3057\u65b9\u3002\n\nPython\uff08CVE-2026-26030\uff09\uff1a\u30d9\u30af\u30c8\u30eb\u691c\u7d22\u306e\u30d5\u30a3\u30eb\u30bf\u30fc\u5024\u304c eval() \u306b\u6e21\u3063\u3066\u305f\u3002\u30d7\u30ed\u30f3\u30d7\u30c81\u672c\u3067 calc.exe \u8d77\u52d5\u30022026\u5e74\u306b eval() injection\u2014\u2014\u5197\u8ac7\u304b\u3088\u3002\ud83d\udc8e\n\n.NET\uff08CVE-2026-25592\uff09\uff1a\u30d5\u30a1\u30a4\u30ebDL\u95a2\u6570\u306b [KernelFunction] 
\u5c5e\u6027\u304c\u3064\u3044\u3066\u3066 LLM \u304b\u3089\u76f4\u63a5\u547c\u3079\u305f\u3002\u30d1\u30b9\u691c\u8a3c\u30bc\u30ed\u3002Startup \u30d5\u30a9\u30eb\u30c0\u306b payload \u66f8\u304d\u8fbc\u307f \u2192 \u6b21\u306e\u30ed\u30b0\u30a4\u30f3\u3067 RCE \u5b8c\u8d70\u3002\ud83d\udd4a\ufe0f\n\n\u5c5e\u6027\u30bf\u30b01\u500b\u306e\u4ed8\u3051\u9593\u9055\u3044\u3067\u3001\u30db\u30b9\u30c8\u307e\u3067\u8cab\u901a\u3057\u3066\u305f\u3002", "creation_timestamp": "2026-05-28T07:49:51.857177Z"}]}