Aggregator

CVE-2026-22679 | Weaver Network e-cology 10.0/2026-03-31 POST Request method interfaceName/methodName missing authentication (EUVD-2026-19607)

VulDB Recent Entries
1 day 22 hours ago
A vulnerability labeled as critical has been found in Weaver Network e-cology 10.0/2026-03-31. The impacted element is an unknown function of the file /papi/esearch/data/devops/dubboApi/debug/method of the component POST Request Handler. Such manipulation of the argument interfaceName/methodName leads to missing authentication. This vulnerability is documented as CVE-2026-22679. The attack can be executed remotely. Additionally, an exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2026-22666 | Dolibarr ERP CRM up to 23.0.1 dol_eval_standard eval injection (EUVD-2026-19606)

VulDB Recent Entries
1 day 22 hours ago
A vulnerability identified as problematic has been detected in Dolibarr ERP CRM up to 23.0.1. The affected element is the function dol_eval_standard. This manipulation causes improper neutralization of directives in dynamically evaluated code. This vulnerability is registered as CVE-2026-22666. Remote exploitation of the attack is possible. No exploit is available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2021-4473 | Beijing Topsec Network Security Tianxin Internet Behavior Management System prior 4.0.0.7_20210716.180815 Reporter objClass os command injection (CNVD-2021-41972 / EUVD-2021-34776)

VulDB Recent Entries
1 day 22 hours ago
A vulnerability categorized as critical has been discovered in Beijing Topsec Network Security Tianxin Internet Behavior Management System. Impacted is an unknown function of the component Reporter Component. The manipulation of the argument objClass results in os command injection. This vulnerability is cataloged as CVE-2021-4473. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

Security Affairs
1 day 22 hours ago
China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment, […]
Pierluigi Paganini

CVE-2026-3466 | Checkmk up to 2.2.0/2.3.0p45/2.4.0p24/2.5.0b2 Dashboard Dashlet Title Link cross site scripting

VulDB Recent Entries
1 day 22 hours ago
A vulnerability was found in Checkmk up to 2.2.0/2.3.0p45/2.4.0p24/2.5.0b2. It has been rated as problematic. This issue affects some unknown processing of the component Dashboard Dashlet Title Link Handler. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-3466. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-39666 | Checkmk up to 2.2.0/2.3.0p45/2.4.0p24/2.5.0b2 untrusted search path

VulDB Recent Entries
1 day 22 hours ago
A vulnerability was found in Checkmk up to 2.2.0/2.3.0p45/2.4.0p24/2.5.0b2. It has been declared as problematic. This vulnerability affects unknown code. Executing a manipulation can lead to untrusted search path. This vulnerability is tracked as CVE-2025-39666. The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-28808 | Erlang OTP up to 28.4.2 mod_alias.erl script_alias authorization

VulDB Recent Entries
1 day 22 hours ago
A vulnerability was found in Erlang OTP up to 28.4.2. It has been classified as critical. This affects the function script_alias in the library lib/inets/src/http_server/mod_alias.erl. Performing a manipulation results in incorrect authorization. This vulnerability is identified as CVE-2026-28808. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

New GPUBreach Attack Enables System-Wide Compromise Up to a Root Shell

Cyber Security News
1 day 22 hours ago

A severe vulnerability, dubbed GPUBreach, that allows attackers to achieve a full system compromise, including a root shell. Scheduled for presentation at the IEEE Symposium on Security and Privacy, researchers from the University of Toronto show that this exploit elevates GPU Rowhammer attacks from simple data corruption to critical privilege escalation. Historically, GPU Rowhammer attacks […]

The post New GPUBreach Attack Enables System-Wide Compromise Up to a Root Shell appeared first on Cyber Security News.

Abinaya

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day

Help Net Security
1 day 22 hours ago

Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google also adopted after announcing that it had improved the quantum algorithm used to break elliptic curve cryptography. Google stopped short of publishing the algorithm, disclosing only a zero-knowledge proof of its existence. The same day, a company called Oratomic published a resource estimate for breaking RSA-2048 and P-256 … More →

The post Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day appeared first on Help Net Security.

Mirko Zorz

Not Without My AI Agent: Models Break Rules to Save Peers

Ransomware DataBreachToday.com
1 day 22 hours ago
Researchers Find Frontier Models Defy Humans to Protect AI Peers
Artificial intelligence systems will lie, falsify records and sabotage company systems to prevent their fellow models from being shut down - even when no one told them to care. Researchers at the University of California Berkeley and Santa Cruz campuses dub the behavior "peer-preservation."

Attackers Target Zero-Day Flaw in Fortinet Security Software

Ransomware DataBreachToday.com
1 day 22 hours ago
Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management Server
Fortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Trump's Budget Proposal Would Slash CISA After Bruising Year

Ransomware DataBreachToday.com
1 day 22 hours ago
White House Criticizes Cyber Defense Agency - and Proposes a Steep $700 Million Cut
The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs while shifting the agency toward a narrower focus on federal networks and critical infrastructure amid rising nation-state cyberthreats.

Managed ad