#cwe-362 主题 - Cyber Security Daily Radar

CVE-2026-26206

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the configured threshold (max_login_attempts, default 50) is enforced correctly for sequential requests, a par

💡 影响/原因: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)

💡 风险点: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | LLM 评分加成 (+0.4)

CVE-2026-7351

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)

💡 影响/原因: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)

Cyber Security Daily Radar

#cwe-362

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protect...

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user...

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome E...