GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
Aggregator
Telegram для Android теперь сложнее заблокировать. В мессенджере исправили критический баг
1 day 21 hours ago
Telegram обновил MTProto.
Major outage cripples Russian banking apps and metro payments nationwide
1 day 21 hours ago
A major outage hit Russian banking apps and payments, blocking card use, cash withdrawals, and mobile access for hours. A widespread outage disrupted banking apps and payment systems across Russia, leaving customers unable to pay by card, withdraw cash, or access mobile banking for hours. According to The Record Media, the incident affected major banks, […]
Pierluigi Paganini
CVE-2026-5627 | mintplex-labs anything-llm up to 1.12.0 AgentFlows index.js loadFlow/deleteFlow path traversal
1 day 21 hours ago
A vulnerability categorized as problematic has been discovered in mintplex-labs anything-llm up to 1.12.0. This affects the function loadFlow/deleteFlow of the file server/utils/agentFlows/index.js of the component AgentFlows. Such manipulation leads to path traversal: '\..\filename'.
This vulnerability is listed as CVE-2026-5627. The attack may be performed from remote. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-5741 | suvarchal docker-mcp-server up to 0.1.0 HTTP Interface src/index.ts stop_container/remove_container/pull_image os command injection
1 day 22 hours ago
A vulnerability was found in suvarchal docker-mcp-server up to 0.1.0. It has been rated as critical. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection.
This vulnerability is tracked as CVE-2026-5741. The attack is possible to be carried out remotely. Moreover, an exploit is present.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
KRYBIT
1 day 22 hours ago
You must login to view this content
cohenido
‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace
1 day 22 hours ago
Noma Security researchers used indirect prompt injection to turn Grafana's own AI into an unwitting courier for sensitive corporate data.
The post ‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace appeared first on CyberScoop.
Greg Otto
CVE-2026-5739 | PowerJob 5.1.0/5.1.1/5.1.2 OpenAPI Endpoint /openApi/addWorkflowNode GroovyEvaluator.evaluate nodeParams code injection (Issue 1168)
1 day 22 hours ago
A vulnerability was found in PowerJob 5.1.0/5.1.1/5.1.2. It has been declared as critical. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection.
This vulnerability is identified as CVE-2026-5739. The attack can be executed remotely. There is not any exploit available.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
Submit #786948: suvarchal docker-mcp-server 0.1.0 Command Injection [Accepted]
1 day 22 hours ago
Submit #786948 / VDB-355748
BruceJin
Submit #786936: PowerJob 5.1.0/5.1.1/5.1.2 Code Injection [Accepted]
1 day 22 hours ago
Submit #786936 / VDB-355747
anch0r
求sin(18°)的解析解
1 day 22 hours ago
在一本老书《有理数与无理数》的习题中看到一道有意思的题,求sin(18°)的解析解。这是道大题,不是填空。
Acronis MDR by TRU brings 24/7 managed detection and response to MSPs
1 day 22 hours ago
Acronis has announced the launch of Acronis MDR by Acronis TRU, a globally available 24/7/365 managed detection and response (MDR) service. Built specifically for managed service providers (MSPs) of all sizes, the service provides threat detection, incident response, and cyber resilience powered by the Acronis Threat Research Unit (TRU). With this offering, MSPs can expand their security capabilities and deliver scalable protection without the complexity or cost of operating an in-house security operations center. As … More →
The post Acronis MDR by TRU brings 24/7 managed detection and response to MSPs appeared first on Help Net Security.
Industry News
CVE-2026-5736 | PowerJob 5.1.0/5.1.1/5.1.2 detailPlus Endpoint InstanceController.java customQuery sql injection (Issue 1167)
1 day 22 hours ago
A vulnerability was found in PowerJob 5.1.0/5.1.1/5.1.2. It has been classified as critical. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument customQuery leads to sql injection.
This vulnerability is referenced as CVE-2026-5736. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
CVE-2026-35554 | Apache Kafka Clients up to 3.9.1/4.0.1/4.1.1 Producer Message use after free
1 day 22 hours ago
A vulnerability was found in Apache Kafka Clients up to 3.9.1/4.0.1/4.1.1 and classified as critical. This issue affects some unknown processing of the component Producer Message Handler. Executing a manipulation can lead to use after free.
The identification of this vulnerability is CVE-2026-35554. The attack may be launched remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
Submit #786727: PowerJob 5.1.0/5.1.1/5.1.2 SQL Injection [Accepted]
1 day 22 hours ago
Submit #786727 / VDB-355746
anch0r
CVE-2026-5732 | Mozilla Firefox up to 149.0.1 Text integer overflow
1 day 22 hours ago
A vulnerability has been found in Mozilla Firefox up to 149.0.1 and classified as critical. This vulnerability affects unknown code of the component Text Component. Performing a manipulation results in integer overflow.
This vulnerability was named CVE-2026-5732. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-5733 | Mozilla Firefox up to 149.0.1 WebGPU memory corruption
1 day 22 hours ago
A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 149.0.1. This affects an unknown part of the component WebGPU. Such manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2026-5733. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
Российские маркетплейсы начали ограничивать доступ пользователям с VPN
1 day 22 hours ago
Крупнейшие российские маркетплейсы внедряют системы фильтрации трафика из-за требований регулятора.
CVE-2026-33866 | MLflow up to 3.10.1 AJAX Endpoint authorization (EUVD-2026-19609)
1 day 22 hours ago
A vulnerability, which was classified as problematic, has been found in MLflow up to 3.10.1. Affected by this issue is some unknown functionality of the component AJAX Endpoint. This manipulation causes missing authorization.
This vulnerability is handled as CVE-2026-33866. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-5735 | Mozilla Firefox up to 149.0.1 memory corruption
1 day 22 hours ago
A vulnerability classified as critical was found in Mozilla Firefox up to 149.0.1. Affected by this vulnerability is an unknown functionality. The manipulation results in memory corruption.
This vulnerability is known as CVE-2026-5735. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is advised.
vuldb.com