Aggregator

CVE-2026-21413 | LibRaw 0b56545/d20315b File lossless_jpeg_load_raw array index (TALOS-2026-2331)

5 days ago

A vulnerability described as critical has been identified in LibRaw 0b56545/d20315b. Affected by this issue is the function lossless_jpeg_load_raw of the component File Handler. The manipulation results in improper validation of array index. This vulnerability is reported as CVE-2026-21413. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

vuldb.com

CVE-2026-20889 | LibRaw d20315b File x3f_thumb_loader integer overflow (TALOS-2026-2358)

VulDB Recent Entries

5 days ago

A vulnerability marked as critical has been reported in LibRaw d20315b. Affected by this vulnerability is the function x3f_thumb_loader of the component File Handler. The manipulation leads to integer overflow. This vulnerability is documented as CVE-2026-20889. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2026-20911 | LibRaw 0b56545/d20315b File HuffTable::initval buffer size (TALOS-2026-2330)

VulDB Recent Entries

5 days ago

A vulnerability labeled as critical has been found in LibRaw 0b56545/d20315b. Affected is the function HuffTable::initval of the component File Handler. Executing a manipulation can lead to incorrect calculation of buffer size. This vulnerability is registered as CVE-2026-20911. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

vuldb.com

CVE-2026-20884 | LibRaw File deflate_dng_load_raw integer overflow (TALOS-2026-2364)

VulDB Recent Entries

5 days ago

A vulnerability identified as problematic has been detected in LibRaw. This impacts the function deflate_dng_load_raw of the component File Handler. Performing a manipulation results in integer overflow. This vulnerability is cataloged as CVE-2026-20884. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

vuldb.com

Human vs. AI: Debates Shape RSAC 2026 Cybersecurity Trends

darkreading

5 days ago

As AI dominated RSAC 2026, CISOs and industry leaders debated its role in security, from agentic applications to the challenges of scaling human involvement in decision-making.

Alexander Culafi, Kristina Beek

Россия набрала 4 балла из 100 в рейтинге свободы интернета. Хуже только в КНДР

Securitylab.ru

5 days ago

Список 11 стран, набравших максимум баллов.

DragonForce

Dark Feed IO

5 days ago

You must login to view this content

cohenido

DragonForce

Dark Feed IO

5 days ago

You must login to view this content

cohenido

Lies, Damned Lies, and Cybersecurity Metrics

darkreading

5 days ago

A panel of five C-suite leaders discuss how cybersecurity success is measured and why it isn't improving results.

Joan Goodchild

Akira

Dark Feed IO

5 days ago

You must login to view this content

cohenido

Akira

Dark Feed IO

5 days ago

You must login to view this content

cohenido

CVE-2024-49645 | Ilias Gomatos Affiliate Platform Plugin up to 1.4.8 on WordPress cross site scripting

Vuldb Updates

5 days ago

A vulnerability, which was classified as problematic, has been found in Ilias Gomatos Affiliate Platform Plugin up to 1.4.8 on WordPress. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-49645. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2024-49640 | AmaderCode Lab ACL Floating Cart for WooCommerce Plugin up to 0.9 on WordPress cross site scripting

Vuldb Updates

5 days ago

A vulnerability described as problematic has been identified in AmaderCode Lab ACL Floating Cart for WooCommerce Plugin up to 0.9 on WordPress. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2024-49640. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2024-47640 | weDevs WP ERP Plugin up to 1.13.2 on WordPress cross site scripting

Vuldb Updates

5 days ago

A vulnerability, which was classified as problematic, has been found in weDevs WP ERP Plugin up to 1.13.2 on WordPress. The affected element is an unknown function. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2024-47640. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-49632 | Coral Web Design CWD 3D Image Gallery Plugin up to 1.0 on WordPress cross site scripting

Vuldb Updates

5 days ago

A vulnerability has been found in Coral Web Design CWD 3D Image Gallery Plugin up to 1.0 on WordPress and classified as problematic. This affects an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-49632. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2024-49634 | Rimon Habib BP Member Type Manager Plugin up to 1.01 on WordPress cross site scripting

Vuldb Updates

5 days ago

A vulnerability was found in Rimon Habib BP Member Type Manager Plugin up to 1.01 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2024-49634. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2024-49639 | Edward Stoever Monitor.chat Plugin up to 1.1.1 on WordPress cross site scripting

Vuldb Updates

5 days ago

A vulnerability was found in Edward Stoever Monitor.chat Plugin up to 1.1.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2024-49639. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2024-50459 | HM Plugin Stripe Donation and Payment Plugin up to 3.2.3 on WordPress authorization

Vuldb Updates

5 days ago

A vulnerability classified as problematic was found in HM Plugin Stripe Donation and Payment Plugin up to 3.2.3 on WordPress. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2024-50459. The attack can be executed remotely. There is not any exploit available.

vuldb.com

Why Your Automated Pentesting Tool Just Hit a Wall

Bleeping Computer.

5 days ago

Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation gap. [...]

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Threat intelligence | Microsoft Security Blog

5 days ago

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure.

The post SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence

Aggregator

Managed ad