{"vulnerability": "cve-2026-4877", "sightings": [{"uuid": "29f527f4-0b90-4a88-9135-eece466c2e78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4877", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhy6anxugc22", "content": "", "creation_timestamp": "2026-03-26T17:52:45.791523Z"}, {"uuid": "273dea79-48ba-438e-af53-0eddb7969158", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://www.acn.gov.it/portale/w/notepad-poc-pubblici-per-le-cve-2026-48800-cve-2026-48778-e-cve-2026-48770", "content": "Disponibili Proof of Concept (PoC) per le CVE-2026-48800, CVE-2026-48778 e CVE-2026-48770 \u2013 gi\u00e0 sanata dal vendor \u2013 presenti nel software \u201cNotepad++\u201d, noto editor di testo avanzato per Windows. Tali vulnerabilit\u00e0, qualora sfruttate, potrebbero consentire ad un utente malintenzionato con accesso locale di eseguire codice arbitrario e compromettere la disponibilit\u00e0 del servizio sui sistemi target.", "creation_timestamp": "2026-05-28T12:51:30.000000Z"}, {"uuid": "fc5b05c9-02bb-4b30-8e6f-759b601eb14e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48770", "type": "seen", "source": "https://www.acn.gov.it/portale/w/notepad-poc-pubblici-per-le-cve-2026-48800-cve-2026-48778-e-cve-2026-48770", "content": "Disponibili Proof of Concept (PoC) per le CVE-2026-48800, CVE-2026-48778 e CVE-2026-48770 \u2013 gi\u00e0 sanata dal vendor \u2013 presenti nel software \u201cNotepad++\u201d, noto editor di testo avanzato per Windows. Tali vulnerabilit\u00e0, qualora sfruttate, potrebbero consentire ad un utente malintenzionato con accesso locale di eseguire codice arbitrario e compromettere la disponibilit\u00e0 del servizio sui sistemi target.", "creation_timestamp": "2026-05-28T12:51:30.000000Z"}, {"uuid": "d1f9a665-dd63-429f-b1de-c6188464d23c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mmzk5ms7vf2l", "content": "\ud83d\udd12 Two RCE vulnerabilities in Notepad++ (CVE-2026-48778, CVE-2026-48800)\n\nTwo high-severity RCE vulnerabilities (CVE-2026-48778, CVE-2026-48800) have been discovered in Notepad++ v8....\n\nhttps://tinyurl.com/mvjtt973 #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-29T22:04:26.702426Z"}, {"uuid": "b85644e7-ac35-42c9-af85-1a416bb73429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mn32y62gra2x", "content": "Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems (CVE-2026-48778 and CVE-2026-48800) #patchmanagement", "creation_timestamp": "2026-05-30T12:38:16.819918Z"}, {"uuid": "97779784-873f-41db-af99-e034cb2924a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://t.me/GithubRedTeam/86539", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-48778-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kavin-jindal\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-30 12:16:42\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-30T13:00:04.000000Z"}, {"uuid": "6e353b71-8f56-46e0-bab5-5466479b08fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://t.me/GithubRedTeam/86575", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-48778\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a XK3NF4\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C++\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-30 17:52:14\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nNotepad++ RCE via config.xml commandLineInterpreter\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-30T18:00:04.000000Z"}, {"uuid": "bdcb7935-1441-4b39-a3ea-1a40105ac933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/notepad-plus-plus.org/post/3mn5rlokl3c2g", "content": "Notepad++ new release v8.9.6.2 fixes a bypass scenario in the previously addressed vulnerability (CVE-2026-48778) that was not fully resolved:\nnotepad-plus-plus.org/news/v8962-r...", "creation_timestamp": "2026-05-31T14:28:14.892505Z"}, {"uuid": "5fc9175d-c26e-4db4-a0d6-55024bbe76df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mn6zyh5flz2u", "content": "Top 3 CVE for last 7 days:\nCVE-2026-0257: 28 interactions\nCVE-2026-48778: 21 interactions\nCVE-2026-48095: 19 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-48778: 20 interactions\nCVE-2026-0257: 11 interactions\nCVE-2026-8732: 3 interactions\n", "creation_timestamp": "2026-06-01T02:31:11.811835Z"}, {"uuid": "17420b7b-2f4e-4724-a389-10bb584257e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48770", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116673056260872400", "content": "It is possible to see elevated activities targeting Notepad++ (CVE-2026-48770) https://vuldb.com/vuln/367177/cti", "creation_timestamp": "2026-06-01T04:52:35.223327Z"}, {"uuid": "2c0db4b0-ea22-49ed-a30f-2873f5d6c52d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48770", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/116674085522619236", "content": "Si vous utilisez Notepad++, pensez \u00e0 v\u00e9rifier votre version : la 8.9.6.2 corrige plusieurs vuln\u00e9rabilit\u00e9s, dont certaines pouvant mener \u00e0 l\u2019ex\u00e9cution de code arbitraire. \ud83d\udc47 https://notepad-plus-plus.org/news/v8961-released/\u2b07\ufe0f https://notepad-plus-plus.org/news/v8962-released/\nUn attaquant pourrait tirer parti de fichiers de configuration ou de raccourcis sp\u00e9cialement modifi\u00e9s pour faire ex\u00e9cuter des commandes \u00e0 notre insu dans certains sc\u00e9narios\nUn PoC public circule d\u00e9j\u00e0, ce qui r\u00e9duit le d\u00e9lai entre la divulgation et les tentatives d\u2019exploitation opportunistes.\u2b07\ufe0f https://github.com/atiilla/Notepad-8.9.6-PoC\nDans les news\u2b07\ufe0f https://thecyberexpress.com/notepad-cve-2026-48770-vulnerability/\n#CyberVeille #NotepadPlusPlus", "creation_timestamp": "2026-06-01T09:14:21.097138Z"}, {"uuid": "311ecd17-2735-4ed3-8799-9a4b454dfbaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnbkhiii6g2s", "content": "Top 3 CVE for last 7 days:\nCVE-2026-0257: 34 interactions\nCVE-2026-48778: 22 interactions\nCVE-2026-48095: 20 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-41089: 12 interactions\nCVE-2026-8732: 9 interactions\nCVE-2026-44962: 8 interactions\n", "creation_timestamp": "2026-06-02T02:31:15.891369Z"}, {"uuid": "282d6a21-1fcf-4d19-bcc9-a0ab2b295648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "Telegram/l1vE9HUrzRN3YgnBjoD0X2bVt12uBAEnmzNbhS5dacgQt4U", "content": "", "creation_timestamp": "2026-05-30T21:00:04.000000Z"}, {"uuid": "1fbd9b0c-d82f-4343-8846-3a94ecacacc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "Telegram/11w8RI0cRJ2Y_5Y75akm2L08lgCZSwunoJ6IZ7hlmRoONww", "content": "", "creation_timestamp": "2026-05-30T19:00:10.000000Z"}, {"uuid": "3a37fb93-8a6e-4727-ad95-3829b4204e82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mne2wpe5722x", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 127 interactions\nCVE-2026-0257: 42 interactions\nCVE-2026-48778: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2025-48595: 127 interactions\nCVE-2026-46243: 12 interactions\nCVE-2026-0257: 8 interactions\n", "creation_timestamp": "2026-06-03T02:31:25.801854Z"}, {"uuid": "4c36d29e-6ac1-4bd6-982b-50bb36abab37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnglfbhxsc2c", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 134 interactions\nCVE-2026-0257: 42 interactions\nCVE-2026-48778: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2025-48595: 7 interactions\nCVE-2026-42897: 7 interactions\nCVE-2026-42945: 5 interactions\n", "creation_timestamp": "2026-06-04T02:31:13.915984Z"}, {"uuid": "60aadf67-5591-4d65-9a50-abf5185c109b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnj3tf3oaw2f", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 136 interactions\nCVE-2026-0257: 43 interactions\nCVE-2026-48778: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-49858: 11 interactions\nCVE-2026-20230: 6 interactions\nCVE-2026-10737: 4 interactions\n", "creation_timestamp": "2026-06-05T02:30:47.115463Z"}, {"uuid": "d51fe5e1-36f6-452c-85bb-4c4985997745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116696141985383127", "content": "Attention, elevated activities detected targeting Notepad++ (CVE-2026-48778) https://vuldb.com/vuln/367178/cti", "creation_timestamp": "2026-06-05T06:43:36.817858Z"}, {"uuid": "cb74d3b8-c1cb-4cb9-a075-cc7a664ad02d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48777", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-qqqm-5547-774x", "content": "", "creation_timestamp": "2026-05-22T17:26:25.000000Z"}, {"uuid": "17cc7d1d-08f0-44fb-b6e4-1e7e0b7de45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48779", "type": "published-proof-of-concept", "source": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p", "content": "", "creation_timestamp": "2026-05-22T18:05:36.000000Z"}, {"uuid": "39380ac8-2096-4e37-a804-30c5a0ec8ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48777", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mogqshhr2u2f", "content": "CVE-2026-48777 - FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory\nCVE ID : CVE-2026-48777\n \n Published : June 16, 2026, 8:16 p.m. | 52\u00a0minutes ago\n \n Description : FileBrowser Quantum is a free, self-hosted, web-based file mana...", "creation_timestamp": "2026-06-16T21:33:16.270572Z"}, {"uuid": "22a4d6a3-af49-4b5d-a42a-ee11e2db122d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48779", "type": "seen", "source": "https://gist.github.com/djlan/becffd7152d874641e42038b1b748f54", "content": "# PR \u89e3\u91ca: [SECURITY] bump ws from 6.2.3 to 6.2.4\n\nDependabot \u9488\u5bf9 CVE-2026-48779 \u9ad8\u5371\u5b89\u5168\u6f0f\u6d1e\uff0c\u5c06 WebSocket \u5e93 `ws` \u4ece 6.2.3 \u5347\u7ea7\u81f3 6.2.4\uff0c\u4fee\u590d\u4e86\u6d88\u606f\u5206\u7247\u5185\u5b58\u672a\u9650\u5236\u7684\u5b89\u5168\u95ee\u9898\u3002\n\n**PR \u94fe\u63a5**: https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412\n**\u4f5c\u8005**: Dependabot\n**\u72b6\u6001**: active\n**\u5206\u652f**: `dependabot/npm_and_yarn/ws-6.2.4-3632050` \u2192 `main`\n**\u53d8\u66f4\u7edf\u8ba1**: 4 files changed\n\n## \u76ee\u5f55\n- [\u53d8\u66f4\u6982\u89c8](#\u53d8\u66f4\u6982\u89c8)\n- [\u5f71\u54cd\u5206\u6790](#\u5f71\u54cd\u5206\u6790)\n\n---\n\n## \u53d8\u66f4\u6982\u89c8\n\n### 1. \u4f9d\u8d56\u7248\u672c\u58f0\u660e\u66f4\u65b0\n\n**\u76ee\u7684**: \u5c06 `ws` \u5305\u7684\u6700\u4f4e\u7248\u672c\u8981\u6c42\u4ece 6.2.3 \u63d0\u5347\u81f3 6.2.4\uff0c\u4ee5\u4fee\u590d CVE-2026-48779 \u9ad8\u5371\u5b89\u5168\u6f0f\u6d1e\uff08\u6d88\u606f\u5206\u7247\u4fdd\u7559\u672a\u505a\u9650\u5236\uff0c\u53ef\u5bfc\u81f4\u5185\u5b58\u8017\u5c3d\u653b\u51fb\uff09\u3002\n\n**\u6d89\u53ca\u6587\u4ef6**:\n- [extensions/common/package.json](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/extensions/common/package.json&_a=files) \u2014 common \u6269\u5c55\u7684 ws \u4f9d\u8d56\u7248\u672c\u58f0\u660e\n- [extensions/remote/package.json](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/extensions/remote/package.json&_a=files) \u2014 remote \u6269\u5c55\u7684 ws \u4f9d\u8d56\u7248\u672c\u58f0\u660e\n\n**\u5173\u952e\u53d8\u66f4**:\n1. **ws \u7248\u672c\u7ea6\u675f\u5347\u7ea7**: \u4e24\u4e2a package.json \u4e2d `\"ws\": \"^6.2.3\"` \u66f4\u65b0\u4e3a `\"ws\": \"^6.2.4\"`\uff0c\u786e\u4fdd\u5b89\u88c5\u65f6\u4e0d\u4f1a\u89e3\u6790\u5230\u542b\u6f0f\u6d1e\u7684\u65e7\u7248\u672c\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n\n---\n\n### 2. \u9501\u6587\u4ef6\u66f4\u65b0\uff08pnpm-lock.yaml\uff09\n\n**\u76ee\u7684**: \u9501\u5b9a\u5b9e\u9645\u5b89\u88c5\u7684 ws \u7248\u672c\u4e3a 6.2.4\uff0c\u540c\u65f6\u66f4\u65b0\u56e0\u4f9d\u8d56\u6811\u53d8\u5316\u800c\u53d7\u5f71\u54cd\u7684\u95f4\u63a5\u4f9d\u8d56\u89e3\u6790\u3002\n\n**\u6d89\u53ca\u6587\u4ef6**:\n- [pnpm-lock.yaml](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/pnpm-lock.yaml&_a=files) \u2014 \u5168\u4ed3\u5e93\u4f9d\u8d56\u9501\u6587\u4ef6\n\n**\u5173\u952e\u53d8\u66f4**:\n1. **ws \u76f4\u63a5\u4f9d\u8d56\u9501\u5b9a**: `ws@6.2.3` \u2192 `ws@6.2.4`\uff0c\u5305\u542b\u5b89\u5168\u4fee\u590d\u8865\u4e01\uff08\u9650\u5236\u4fdd\u7559\u7684\u6d88\u606f\u5206\u7247\u6570\u91cf\uff09\u3002\n2. **ws \u95f4\u63a5\u5347\u7ea7**: `ws@8.18.3` \u2192 `ws@8.21.0`\uff0c\u88ab `@jupyterlab/services` \u548c `jsdom` \u7b49\u5305\u95f4\u63a5\u5f15\u7528\u3002\n3. **isomorphic-ws \u7ed1\u5b9a\u66f4\u65b0**: `isomorphic-ws@5.0.0(ws@6.2.3)` \u2192 `isomorphic-ws@5.0.0(ws@6.2.4)`\uff0c\u786e\u4fdd WebSocket \u9002\u914d\u5c42\u4f7f\u7528\u4fee\u590d\u540e\u7684\u7248\u672c\u3002\n4. **Babel \u76f8\u5173\u95f4\u63a5\u4f9d\u8d56\u5237\u65b0**: `@babel/code-frame`\u3001`@babel/helper-validator-identifier`\u3001`@babel/runtime` \u65b0\u589e 7.29.7 \u7248\u672c\u89e3\u6790\u6761\u76ee\uff0c\u5c5e\u4e8e `@testing-library/dom` \u4f9d\u8d56\u6811\u7684\u6b63\u5e38\u66f4\u65b0\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n\n---\n\n## \u5f71\u54cd\u5206\u6790\n\n- **\u5f71\u54cd\u8303\u56f4**: \u6240\u6709\u4f7f\u7528 WebSocket \u901a\u4fe1\u7684\u6a21\u5757\uff08common \u548c remote \u6269\u5c55\uff09\uff0c\u4ee5\u53ca\u901a\u8fc7 jsdom/jupyterlab \u95f4\u63a5\u4f7f\u7528 ws \u7684\u6d4b\u8bd5\u548c Notebook \u529f\u80fd\u3002\n- **\u7528\u6237\u611f\u77e5**: \u7528\u6237\u65e0\u611f\u77e5\u53d8\u5316\u3002\u6b64\u4e3a\u5b89\u5168\u8865\u4e01\u5347\u7ea7\uff0c\u4e0d\u5f71\u54cd\u529f\u80fd\u884c\u4e3a\uff0c\u4ec5\u4fee\u590d\u6f5c\u5728\u7684\u62d2\u7edd\u670d\u52a1\uff08DoS\uff09\u653b\u51fb\u5411\u91cf\u3002\n- **\u98ce\u9669\u70b9**:\n  1. **ws 8.x \u8de8\u5927\u7248\u672c\u8df3\u8dc3**: `ws@8.18.3` \u2192 `ws@8.21.0` \u8df3\u8dc3\u4e86\u591a\u4e2a\u6b21\u7248\u672c\uff0c\u867d\u7136 semver \u4fdd\u8bc1\u5411\u540e\u517c\u5bb9\uff0c\u4f46 `@jupyterlab/services` \u548c `jsdom` \u7684 WebSocket \u884c\u4e3a\u53ef\u80fd\u5b58\u5728\u7ec6\u5fae\u5dee\u5f02\uff0c\u5efa\u8bae\u8fd0\u884c\u96c6\u6210\u6d4b\u8bd5\u9a8c\u8bc1 Notebook \u8fde\u63a5\u548c DOM \u6a21\u62df\u573a\u666f\u3002\n  2. **Babel \u95f4\u63a5\u4f9d\u8d56\u53d8\u52a8**: \u65b0\u589e\u4e86 `@babel/code-frame@7.29.7` \u7b49\u6761\u76ee\uff0c\u5c5e\u4e8e lockfile \u89e3\u6790\u7684\u6b63\u5e38\u53d8\u52a8\uff0c\u98ce\u9669\u6781\u4f4e\uff0c\u4f46\u82e5\u6784\u5efa\u8fc7\u7a0b\u5bf9 Babel \u7248\u672c\u6709\u4e25\u683c\u7ea6\u675f\u9700\u7559\u610f\u3002\n  3. **\u8865\u4e01\u4ec5\u4e3a backport**: ws 6.2.4 \u662f\u5c06\u4e3b\u7ebf\u4fee\u590d\u56de\u79fb\u81f3 6.x \u5206\u652f\uff0c\u957f\u671f\u6765\u770b 6.x \u5df2\u63a5\u8fd1 EOL\uff0c\u5efa\u8bae\u540e\u7eed\u89c4\u5212\u5347\u7ea7\u5230 ws 8.x \u4e3b\u7ebf\u7248\u672c\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n", "creation_timestamp": "2026-06-17T00:09:20.000000Z"}, {"uuid": "98b5e9cb-20e2-4dcc-ac9b-57df21ad05cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48779", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moh44f7g7h2h", "content": "CVE-2026-48779 - ws: Memory exhaustion DoS from tiny fragments and data chunks\nCVE ID : CVE-2026-48779\n \n Published : June 16, 2026, 9:26 p.m. | 2\u00a0hours, 6\u00a0minutes ago\n \n Description : ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to ...", "creation_timestamp": "2026-06-17T00:55:40.769044Z"}, {"uuid": "61b201b7-1959-4090-9ab7-efe9c4bd932b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48773", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mood3toclx2h", "content": "CVE-2026-48773 - ProxySQL pre-auth heap overflow in MySQL and PostgreSQL first-packet handling\nCVE ID : CVE-2026-48773\n \n Published : June 19, 2026, 7:27 p.m. | 2\u00a0hours, 16\u00a0minutes ago\n \n Description : ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Version...", "creation_timestamp": "2026-06-19T21:49:16.561601Z"}, {"uuid": "c87ec097-b1f1-4ce1-8bc7-0173e58f768e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moodtrcp2c2g", "content": "CVE-2026-48774 - ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract\nCVE ID : CVE-2026-48774\n \n Published : June 19, 2026, 7:34 p.m. | 2\u00a0hours, 8\u00a0minutes ago\n \n Description : ProxySQL is a proxy for MySQL and its forks, as we...", "creation_timestamp": "2026-06-19T22:02:40.081216Z"}, {"uuid": "1a13abc3-0c31-43fa-9409-f047262709af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48772", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mooef5dho623", "content": "CVE-2026-48772 - ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL\nCVE ID : CVE-2026-48772\n \n Published : June 19, 2026, 7:28 p.m. | 2\u00a0hours, 14\u00a0minutes ago\n \n Description : ProxySQL is a proxy for MySQL and its forks, as...", "creation_timestamp": "2026-06-19T22:12:24.695639Z"}, {"uuid": "16b94a2a-11fb-4013-878f-925e17694dae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48772", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116780553070568538", "content": "CVE-2026-48772 (CRITICAL): ProxySQL 2.0.0 \u2013 3.0.8 lets attackers spoof source IPs via PROXY protocol v1, bypassing routing & ACLs. Upgrade to 3.0.9 or later. Restrict frontend port access. Details: https://radar.offseq.com/threat/cve-2026-48772-cwe-348-use-of-less-trusted-source--40b83fbf2f9ef184 #OffSeq #ProxySQL #CVE202648772 #Security", "creation_timestamp": "2026-06-20T04:30:27.479838Z"}, {"uuid": "b43eed77-4b3f-4037-8f56-de531641daa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48772", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moozj7zulg2u", "content": "ProxySQL 2.0.0 \u2013 3.0.8 (CVE-2026-48772, CRITICAL) lets attackers spoof source IPs, bypassing DB routing & ACLs. Upgrade to 3.0.9+ and restrict port access. https://radar.offseq.com/threat/cve-2026-48772-cwe-348-use-of-less-trusted-source--40b83fbf2f9ef184 #OffSeq #ProxySQL #Security", "creation_timestamp": "2026-06-20T04:30:28.590020Z"}, {"uuid": "3de2bf1f-3539-46fe-8ce4-f3d65098398d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48773", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116780906773492544", "content": "ProxySQL (2.0.18 \u2013 3.0.8) hit by CRITICAL CVE-2026-48773: pre-auth heap memory corruption (CWE-787) allows remote unauthenticated attackers to trigger out-of-bounds write. Upgrade to 3.0.9 ASAP. https://radar.offseq.com/threat/cve-2026-48773-cwe-787-out-of-bounds-write-in-syso-7cef27326cf25a33 #OffSeq #ProxySQL #CVE202648773 #infosec", "creation_timestamp": "2026-06-20T06:00:24.737268Z"}, {"uuid": "00faf4db-07f2-4656-ae18-8a98986409a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48773", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mop6k2y7ws2l", "content": "CRITICAL: ProxySQL v2.0.18 \u2013 3.0.8 vulnerable to heap memory corruption (CVE-2026-48773). Remote unauthenticated attackers may execute code or cause DoS. Upgrade to 3.0.9 now. https://radar.offseq.com/threat/cve-2026-48773-cwe-787-out-of-bounds-write-in-syso-7cef27326cf25a33 #OffSeq #ProxySQL #CV...", "creation_timestamp": "2026-06-20T06:00:25.408944Z"}, {"uuid": "a0e4551f-28e7-4878-b385-73dc89c8ec82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48773", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3moqe2henii2t", "content": "CVE-2026-48773 - Critical RCE in Proxysql. Pre-auth heap memory corruption via oversized packet. CVSS 9.8. Patch to v3.0.9 immediately. #CVE #infosec #Proxysql\n\nhttps://www.valtersit.com/cve/CVE-2026-48773/", "creation_timestamp": "2026-06-20T17:11:43.398998Z"}, {"uuid": "ba6640e7-b114-4278-ab02-3321b82732cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48772", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3moutqahcyf2j", "content": "CVE-2026-48772 - Critical Unauthorized Access in ProxySQL. CVSS 10.0. Vulnerable versions 2.0.0-3.0.8 accept malformed PROXY UNKNOWN headers, bypassing authentication. No patch available. Upgrade or disable PROXY protocol immediately. #CVE ...\n\nhttps://www.valtersit.com/cve/CVE-2026-48772/", "creation_timestamp": "2026-06-22T12:03:00.082635Z"}, {"uuid": "3825f255-8900-49c0-86fb-b8afd5c89885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48779", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3moxe4pqxbq2x", "content": "\n\ud83d\udea8 New HIGH CVE detected in AWS Lambda \ud83d\udea8\nCVE-2026-48779 impacts ws in 3 Lambda base images.\n\nDetails: https://github.com/aws/aws-lambda-base-images/issues/577\nMore: https://lambdawatchdog.com/\n\n#AWS #Lambda #CVE #CloudSecurity #Serverless", "creation_timestamp": "2026-06-23T12:01:37.488865Z"}, {"uuid": "ff9a23b2-7f09-48db-89b3-26ceeb9a09e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48770", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3moxesahlrk2n", "content": "Notepad++\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u653b\u6483\u304c\u53ef\u80fd\u306b\u306a\u308b\u6050\u308c\u304c\u3042\u308b\n\nNotepad++\u306f\u3001\u7279\u5b9a\u306e\u6761\u4ef6\u4e0b\u3067\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u53ef\u80fd\u306b\u3059\u308b\u91cd\u5927\u306a\u6b20\u9665\u3092\u542b\u3080\u3001\u8907\u6570\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306b\u5bfe\u51e6\u3059\u308b\u305f\u3081\u3001\u30d0\u30fc\u30b8\u30e7\u30f38.9.6.1\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u307e\u3057\u305f\u3002\n\n2026\u5e745\u670826\u65e5\u306b\u516c\u958b\u3055\u308c\u305f\u3053\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3067\u306f\u3001CVE-2026-48770\u3001CVE-2026-48778\u3001\u304a\u3088\u3073CVE-2026-48800\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308b3\u3064\u306e\u8106\u5f31\u6027\u304c\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u554f\u984c\u306f\u30d0\u30fc\u30b8\u30e7\u30f38.9.6\u307e\u3067\u306b\u5f71\u97ff\u3057\u3001\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u4e0d\u9069\u5207\u306a\u53d6\u308a\u6271\u3044\u306b\u95a2\u9023\u3059\u308b\u30ea\u30b9\u30af\u3092\u6d6e\u304d\u5f6b\u308a\u306b\u3057\u3066\u3044\u307e\u3059\u3002", "creation_timestamp": "2026-06-23T12:13:41.810129Z"}, {"uuid": "adf64a8c-9b4e-4e17-a63d-6579b13e75de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3moxesahlrk2n", "content": "Notepad++\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u653b\u6483\u304c\u53ef\u80fd\u306b\u306a\u308b\u6050\u308c\u304c\u3042\u308b\n\nNotepad++\u306f\u3001\u7279\u5b9a\u306e\u6761\u4ef6\u4e0b\u3067\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u53ef\u80fd\u306b\u3059\u308b\u91cd\u5927\u306a\u6b20\u9665\u3092\u542b\u3080\u3001\u8907\u6570\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306b\u5bfe\u51e6\u3059\u308b\u305f\u3081\u3001\u30d0\u30fc\u30b8\u30e7\u30f38.9.6.1\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u307e\u3057\u305f\u3002\n\n2026\u5e745\u670826\u65e5\u306b\u516c\u958b\u3055\u308c\u305f\u3053\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3067\u306f\u3001CVE-2026-48770\u3001CVE-2026-48778\u3001\u304a\u3088\u3073CVE-2026-48800\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308b3\u3064\u306e\u8106\u5f31\u6027\u304c\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u554f\u984c\u306f\u30d0\u30fc\u30b8\u30e7\u30f38.9.6\u307e\u3067\u306b\u5f71\u97ff\u3057\u3001\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u4e0d\u9069\u5207\u306a\u53d6\u308a\u6271\u3044\u306b\u95a2\u9023\u3059\u308b\u30ea\u30b9\u30af\u3092\u6d6e\u304d\u5f6b\u308a\u306b\u3057\u3066\u3044\u307e\u3059\u3002", "creation_timestamp": "2026-06-23T12:13:41.840730Z"}, {"uuid": "22cfda24-0451-40af-80aa-8ee0a27fd11d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48770", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7x5pvrvb22", "content": "CVE-2026-48770 - Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash\nCVE ID : CVE-2026-48770\n \n Published : June 26, 2026, 8:22 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in t...", "creation_timestamp": "2026-06-26T22:03:30.244901Z"}, {"uuid": "0a376628-2cc8-43a4-b6b1-571bebdae342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7yf2fsvo2l", "content": "CVE-2026-48778 - Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter\nCVE ID : CVE-2026-48778\n \n Published : June 26, 2026, 8:21 p.m. | 1\u00a0hour, 23\u00a0minutes ago\n \n Description : Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the \n ...", "creation_timestamp": "2026-06-26T22:25:29.820992Z"}, {"uuid": "267c50da-12b7-4f0c-8093-f5983d6c6f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpbxfpwbnc22", "content": "CVE-2026-48778 - Supply chain attack in Notepad++ pre-8.9.6.1. Unsanitized config.xml input leads to arbitrary command execution via File > Open Containing Folder > cmd. CVSS 7.8. No patch available. Disable feature or isolate. #CVE #Notepa...\n\nhttps://www.valtersit.com/cve/CVE-2026-48778/", "creation_timestamp": "2026-06-27T17:13:18.095696Z"}, {"uuid": "4d39548c-0440-4080-921b-7686192eee52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48778", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpdt2zdadd2y", "content": "\ud83d\udfe0 CVE-2026-48778 - High (7.8)\n\nNotepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the  tag in config.xml ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48778/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-28T11:01:04.250422Z"}]}