Aggregator

CVE-2026-20911 | LibRaw 0b56545/d20315b File HuffTable::initval buffer size (TALOS-2026-2330)

1 day 21 hours ago

A vulnerability labeled as critical has been found in LibRaw 0b56545/d20315b. Affected is the function HuffTable::initval of the component File Handler. Executing a manipulation can lead to incorrect calculation of buffer size. This vulnerability is registered as CVE-2026-20911. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

vuldb.com

CVE-2026-20884 | LibRaw File deflate_dng_load_raw integer overflow (TALOS-2026-2364)

VulDB Recent Entries

1 day 21 hours ago

A vulnerability identified as problematic has been detected in LibRaw. This impacts the function deflate_dng_load_raw of the component File Handler. Performing a manipulation results in integer overflow. This vulnerability is cataloged as CVE-2026-20884. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

vuldb.com

Human vs. AI: Debates Shape RSAC 2026 Cybersecurity Trends

darkreading

1 day 21 hours ago

As AI dominated RSAC 2026, CISOs and industry leaders debated its role in security, from agentic applications to the challenges of scaling human involvement in decision-making.

Alexander Culafi, Kristina Beek

Россия набрала 4 балла из 100 в рейтинге свободы интернета. Хуже только в КНДР

Securitylab.ru

1 day 21 hours ago

Список 11 стран, набравших максимум баллов.

DragonForce

Dark Feed IO

1 day 21 hours ago

You must login to view this content

cohenido

DragonForce

Dark Feed IO

1 day 21 hours ago

You must login to view this content

cohenido

Lies, Damned Lies, and Cybersecurity Metrics

darkreading

1 day 21 hours ago

A panel of five C-suite leaders discuss how cybersecurity success is measured and why it isn't improving results.

Joan Goodchild

Akira

Dark Feed IO

1 day 21 hours ago

You must login to view this content

cohenido

Akira

Dark Feed IO

1 day 21 hours ago

You must login to view this content

cohenido

CVE-2024-49645 | Ilias Gomatos Affiliate Platform Plugin up to 1.4.8 on WordPress cross site scripting

Vuldb Updates

1 day 21 hours ago

A vulnerability, which was classified as problematic, has been found in Ilias Gomatos Affiliate Platform Plugin up to 1.4.8 on WordPress. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-49645. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2024-49640 | AmaderCode Lab ACL Floating Cart for WooCommerce Plugin up to 0.9 on WordPress cross site scripting

Vuldb Updates

1 day 21 hours ago

A vulnerability described as problematic has been identified in AmaderCode Lab ACL Floating Cart for WooCommerce Plugin up to 0.9 on WordPress. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2024-49640. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2024-47640 | weDevs WP ERP Plugin up to 1.13.2 on WordPress cross site scripting

Vuldb Updates

1 day 21 hours ago

A vulnerability, which was classified as problematic, has been found in weDevs WP ERP Plugin up to 1.13.2 on WordPress. The affected element is an unknown function. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2024-47640. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-49632 | Coral Web Design CWD 3D Image Gallery Plugin up to 1.0 on WordPress cross site scripting

Vuldb Updates

1 day 21 hours ago

A vulnerability has been found in Coral Web Design CWD 3D Image Gallery Plugin up to 1.0 on WordPress and classified as problematic. This affects an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-49632. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2024-49634 | Rimon Habib BP Member Type Manager Plugin up to 1.01 on WordPress cross site scripting

Vuldb Updates

1 day 21 hours ago

A vulnerability was found in Rimon Habib BP Member Type Manager Plugin up to 1.01 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2024-49634. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2024-49639 | Edward Stoever Monitor.chat Plugin up to 1.1.1 on WordPress cross site scripting

Vuldb Updates

1 day 21 hours ago

A vulnerability was found in Edward Stoever Monitor.chat Plugin up to 1.1.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2024-49639. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2024-50459 | HM Plugin Stripe Donation and Payment Plugin up to 3.2.3 on WordPress authorization

Vuldb Updates

1 day 21 hours ago

A vulnerability classified as problematic was found in HM Plugin Stripe Donation and Payment Plugin up to 3.2.3 on WordPress. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2024-50459. The attack can be executed remotely. There is not any exploit available.

vuldb.com

Why Your Automated Pentesting Tool Just Hit a Wall

Bleeping Computer.

1 day 21 hours ago

Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation gap. [...]

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Threat intelligence | Microsoft Security Blog

1 day 21 hours ago

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure.

The post SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence

UK exposes Russian cyber unit hacking home routers to hijack internet traffic

The Record

1 day 21 hours ago

Officials said the activity centers on compromising small office and home office routers and similar network devices exposed to the internet, often because of weak security settings or outdated software.

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Threat intelligence | Microsoft Security Blog

1 day 21 hours ago

The post SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence

Aggregator

Managed ad