Aggregator

CVE-2026-5755 | Mattermost up to 11.6.0 TIFF IFD Offset resource consumption

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability was found in Mattermost up to 10.11.14/11.4.4/11.5.2/11.5.3/11.6.0. It has been declared as problematic. This issue affects some unknown processing of the component TIFF IFD Offset Handler. Executing a manipulation can lead to resource consumption. This vulnerability is tracked as CVE-2026-5755. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

The Hackers News
4 weeks 2 days ago
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI
The Hacker News

CVE-2026-4635 | Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Notification Message race condition

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability was found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. It has been classified as problematic. This vulnerability affects unknown code of the component Notification Message Handler. Performing a manipulation results in race condition. This vulnerability is identified as CVE-2026-4635. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-3636 | Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 API information disclosure

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability was found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 and classified as problematic. This affects an unknown part of the component API. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2026-3636. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-3473 | Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Boards API authorization

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability has been found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Boards API. This manipulation causes authorization bypass. The identification of this vulnerability is CVE-2026-3473. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-25607 | Centralny Instytut Ochrony Pracy STER up to 9.4 of weak password encoding

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability, which was classified as problematic, was found in Centralny Instytut Ochrony Pracy STER up to 9.4. Affected by this vulnerability is an unknown functionality. The manipulation of the argument of results in weak encoding for password. This vulnerability was named CVE-2026-25607. The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2026-25606 | Centralny Instytut Ochrony Pracy STER up to 9.4 Search Filter sql injection

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability, which was classified as critical, has been found in Centralny Instytut Ochrony Pracy STER up to 9.4. Affected is an unknown function of the component Search Filter Handler. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-25606. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-5740 | Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 msgpack-Encoded WebSocket Frame memory allocation

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability classified as problematic was found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. This impacts an unknown function of the component msgpack-Encoded WebSocket Frame Handler. Executing a manipulation can lead to uncontrolled memory allocation. This vulnerability is handled as CVE-2026-5740. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-25608 | Centralny Instytut Ochrony Pracy STER up to 9.4 cleartext transmission

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability classified as problematic has been found in Centralny Instytut Ochrony Pracy STER up to 9.4. This affects an unknown function. Performing a manipulation results in cleartext transmission of sensitive information. This vulnerability is known as CVE-2026-25608. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

The Hackers News
4 weeks 2 days ago
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated. The
The Hacker News

Kore.ai unveils AI-native platform for enterprise multiagent systems

Help Net Security
4 weeks 2 days ago

Kore.ai has launched the new-generation Kore.ai Agent Platform Artemis edition, the AI-programmable, AI-native foundation that builds, governs, and optimizes the agents, systems, and workflows running across the enterprise. The platform launches initially on Microsoft Azure, with broader cloud availability to follow. The new-generation Kore.ai Agent Platform enables enterprises to deploy production-ready multiagent AI systems in days instead of months, with governance, observability, and operational control enforced before any agent goes live. Three core innovations make … More →

The post Kore.ai unveils AI-native platform for enterprise multiagent systems appeared first on Help Net Security.

Industry News

Suspected KimWolf botnet admin arrested over DDoS-for-hire operation

Help Net Security
4 weeks 2 days ago

U.S. and Canadian authorities arrested and charged a Canadian man accused of operating the KimWolf DDoS botnet, a service linked to attacks that infected more than one million devices worldwide. Jacob Butler, 23, of Ottawa, Canada, also known online as “Dort,” was arrested in Canada under an extradition warrant after U.S. prosecutors charged him with offenses related to the alleged development and operation of the KimWolf botnet. According to court documents, KimWolf targeted internet-connected devices … More →

The post Suspected KimWolf botnet admin arrested over DDoS-for-hire operation appeared first on Help Net Security.

Sinisa Markovic

Managed ad