Aggregator

CVE-2026-34756 | vllm-project vLLM up to 0.18.x HTTP Request allocation of resources (GHSA-3mwp-wvh9-7528)

VulDB Recent Entries
6 days 14 hours ago
A vulnerability categorized as problematic has been discovered in vllm-project vLLM up to 0.18.x. Affected is an unknown function of the component HTTP Request Handler. Executing a manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2026-34756. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-31354 | Feehi CMS 2.1.1 Permissions Group/Category/Description cross site scripting (ID 85)

VulDB Recent Entries
6 days 14 hours ago
A vulnerability was found in Feehi CMS 2.1.1. It has been classified as problematic. The impacted element is an unknown function of the component Permissions Module. This manipulation of the argument Group/Category/Description causes cross site scripting. The identification of this vulnerability is CVE-2026-31354. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2026-34950 | nearform fast-jwt up to 6.1.0 JSON Web Token fast-jwt/src/crypto.js risky encryption (GHSA-mvf2-f6gm-w987)

VulDB Recent Entries
6 days 14 hours ago
A vulnerability was found in nearform fast-jwt up to 6.1.0 and classified as problematic. The affected element is an unknown function of the file fast-jwt/src/crypto.js of the component JSON Web Token Handler. The manipulation results in risky cryptographic algorithm. This vulnerability was named CVE-2026-34950. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-47374 | Qualcomm Snapdragon CCW/Snapdragon Compute FastConnect 6900 up to XRV7209 use after free

VulDB Recent Entries
6 days 14 hours ago
A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon CCW and Snapdragon Compute. This vulnerability affects unknown code. Performing a manipulation results in use after free. This vulnerability is known as CVE-2025-47374. Attacking locally is a requirement. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-34951 | forceworkbench up to 64.x Error Page footerScripts cross site scripting (GHSA-j94x-h584-rjf9)

VulDB Recent Entries
6 days 14 hours ago
A vulnerability classified as problematic was found in forceworkbench up to 64.x. This affects an unknown part of the component Error Page. Such manipulation of the argument footerScripts leads to cross site scripting. This vulnerability is traded as CVE-2026-34951. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2024-14032 | Twitch Studio up to 0.114.8 XPC Service authorization

VulDB Recent Entries
6 days 14 hours ago
A vulnerability classified as critical has been found in Twitch Studio up to 0.114.8. Affected by this issue is some unknown functionality of the component XPC Service. This manipulation causes missing authorization. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2024-14032. The attack requires local access. There is no available exploit.
vuldb.com

CVE-2025-47389 | Qualcomm Snapdragon Auto up to XRV9209 buffer overflow

VulDB Recent Entries
6 days 14 hours ago
A vulnerability described as critical has been identified in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Edge Cloud AI, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WBC and Snapdragon Wearables. Affected by this vulnerability is an unknown functionality. The manipulation results in buffer overflow. This vulnerability is reported as CVE-2025-47389. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-34378 | AcademySoftwareFoundation OpenEXR up to 3.4.8 EXR File Parser generic_unpack integer overflow (GHSA-v76p-4qvv-vh4g)

VulDB Recent Entries
6 days 14 hours ago
A vulnerability labeled as problematic has been found in AcademySoftwareFoundation OpenEXR up to 3.4.8. This impacts the function generic_unpack of the component EXR File Parser. Executing a manipulation can lead to integer overflow. This vulnerability is registered as CVE-2026-34378. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks

Cyber Security News
6 days 14 hours ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, mandating federal agencies to remediate by April 9, 2026. CVE-2026-35616 is a critical-severity flaw rooted in CWE-284 (Improper Access Control), carrying a CVSS score […]

The post CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

Guru Baran

Managed ad