Aggregator

SLH

Dark Feed IO
6 days 8 hours ago

You must login to view this content

cohenido

Paramount Warner Bros Merger: A New Media Empire

Penetration Testing Tools - Metepreter.org
6 days 8 hours ago

Following months of intense scrutiny, the U.S. Department of Justice formally approved Paramount Skydance’s monumental acquisition of Warner Bros. Discovery. Consequently, this landmark transaction drastically diminishes mainstream media competition. Furthermore, it heralds a watershed...

The post Paramount Warner Bros Merger: A New Media Empire appeared first on Information Security News.

ddos

CVE-2026-12198 | Microweber up to 2.0.20 API Endpoint thumbnail_img userfiles_path cache_path_relative path traversal (Issue 1172)

VulDB Recent Entries
6 days 8 hours ago
A vulnerability categorized as critical has been discovered in Microweber up to 2.0.20. This affects the function userfiles_path of the file /api_nosession/thumbnail_img of the component API Endpoint. Executing a manipulation of the argument cache_path_relative can lead to path traversal. This vulnerability is registered as CVE-2026-12198. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12197 | Ruijie EG105G-P 2.340 JSON-RPC Diagnose Endpoint diagnose nslookup params.target command injection

VulDB Recent Entries
6 days 9 hours ago
A vulnerability was found in Ruijie EG105G-P 2.340. It has been rated as critical. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. This vulnerability is cataloged as CVE-2026-12197. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12193 | VS Revo RevoUninstaller 2.5.x/2.6.x IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow

VulDB Recent Entries
6 days 9 hours ago
A vulnerability was found in VS Revo RevoUninstaller 2.5.x/2.6.x. It has been declared as critical. The affected element is the function IOCtl_Handler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. This vulnerability is listed as CVE-2026-12193. The attack must be carried out locally. In addition, an exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-12192 | GALAYOU Y4 1.0.0 Web Server buffer overflow

VulDB Recent Entries
6 days 9 hours ago
A vulnerability was found in GALAYOU Y4 1.0.0. It has been classified as critical. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. This vulnerability is tracked as CVE-2026-12192. The attack is only possible within the local network. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12191 | Comma AI Openpilot 0.11 Pickle modeld.py pickle.load/pickle.loads deserialization

VulDB Recent Entries
6 days 9 hours ago
A vulnerability was found in Comma AI Openpilot 0.11 and classified as critical. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. This vulnerability is identified as CVE-2026-12191. The attack is only possible with local access. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12190 | Genspark AI Workspace App 2.8.4 on Android ai.mainfunc.genspark improper authorization in handler for custom url scheme

VulDB Recent Entries
6 days 9 hours ago
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android and classified as problematic. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. This vulnerability is referenced as CVE-2026-12190. The attack can only be performed from a local environment. No exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12189 | Moovit Bus & Public Transit App 1.18 on Android com.tranzmate improper authorization in handler for custom url scheme

VulDB Recent Entries
6 days 9 hours ago
A vulnerability, which was classified as problematic, was found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The identification of this vulnerability is CVE-2026-12189. The attack can only be executed locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12188 | Grit42 Grit up to 0.11.0 GritEntityController grit_entity_controller.rb sql injection

VulDB Recent Entries
6 days 9 hours ago
A vulnerability, which was classified as critical, has been found in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController. Performing a manipulation results in sql injection. This vulnerability was named CVE-2026-12188. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad