Aggregator

A vulnerability has been found in NetBSD and classified as problematic. This affects the function cryptodev_op of the component opencrypto Subsystem. The manipulation leads to double free. This vulnerability is listed as CVE-2026-32848. The attack must be carried out locally. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A threat actor claims to be publishing additional databases tied to Indonesian Professional Certification Institutes (LSP), alleging that more than 20 LSP datasets have been obtained and are being released as part of an ongoing extortion-driven leak campaign.

Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without adding friction for employees. [...]

A vulnerability, which was classified as critical, was found in Thermo Fisher Scientific Torrent Suite Dx up to 5.14.2. The impacted element is an unknown function. Executing a manipulation can lead to improper authorization. This vulnerability is tracked as CVE-2026-41085. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in EIPStackGroup OpENer 2.3-558-g1e99582. The affected element is the function CreateCommonPacketFormatStructure of the file source/src/enet_encap/cpf.c of the component CPF Message Handler. Performing a manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-38719. The attack is only possible with local access. There is not any exploit available.

A vulnerability classified as problematic was found in HSC HSC MailInspector 5.3.3-7. Impacted is an unknown function of the file /police/WarningUrlPage.php. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-29965. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in HSC Mailinspector 5.3.3-7. This issue affects some unknown processing of the file /tap/tap.php of the component Endpoint. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-29964. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as critical has been identified in Chroma ChromaDB up to 1.0.0. This vulnerability affects unknown code of the file the /api/v2/tenants/{tenant}/databases/{db}/collections of the component Model Handler. The manipulation results in code injection. This vulnerability was named CVE-2026-45829. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as critical has been reported in HSC Mailinspector 5.3.3-7. This affects an unknown part of the file /vendor/phpunit/phpunit.php of the component Endpoint. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2026-29962. The attack is possible to be carried out remotely. No exploit exists.

A threat actor claims to have leaked a database tied to Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu Kabupaten Belu (DPMPTSP), the Indonesian local government agency responsible for investment services and integrated business licensing in Belu Regency.

A vulnerability labeled as critical has been found in HSC Mailinspector 5.3.3-7. Affected by this issue is some unknown functionality of the file /tap/dw.php of the component Normalization Handler. Executing a manipulation of the argument text can lead to path traversal. This vulnerability is handled as CVE-2026-29963. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Microsoft Edge. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-45494. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Microsoft Edge. Affected is an unknown function of the component Security Feature. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2026-45492. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Microsoft Edge. It has been rated as critical. This impacts an unknown function. This manipulation causes improper input validation. This vulnerability appears as CVE-2026-45495. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Старичок Stinger готовится на покой.

Currently trending CVE - Hype Score: 1 - In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via ...

Currently trending CVE - Hype Score: 8 - An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length ...

Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker ...