Aggregator

A vulnerability classified as problematic has been found in moment Package up to 2.11.1 on Node.js. This affects the function duration of the component Regex Handler. Performing a manipulation results in improper resource management. This vulnerability is cataloged as CVE-2016-4055. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in TYPO3 up to 6.2.18. This impacts an unknown function of the component Backend. Executing a manipulation of the argument module can lead to cross site scripting. This vulnerability is registered as CVE-2016-4056. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Zabbix up to 2.0.17/2.2.12/3.0.2. Affected is an unknown function of the file userparameter_mysql.conf of the component Configuration Script. The manipulation of the argument mysql.size leads to sql injection. This vulnerability is documented as CVE-2016-4338. The attack can be initiated remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GitLab up to 8.7.0. Affected by this vulnerability is an unknown functionality of the component Impersonation. The manipulation results in improper access controls. This vulnerability is reported as CVE-2016-4340. The attack can be launched remotely. Moreover, an exploit is present. You should upgrade the affected component.

A vulnerability has been found in cryptsetup Package up to 2:1.7.3-2 on Debian and classified as critical. Affected by this issue is some unknown functionality. This manipulation causes improper authentication. This vulnerability appears as CVE-2016-4484. It is feasible to perform the attack on the physical device. There is no available exploit.

A vulnerability was found in CakePHP up to 3.2.4 and classified as critical. This affects the function clientIp of the component HTTP Header Handler. Such manipulation of the argument CLIENT-IP leads to improper input validation. This vulnerability is traded as CVE-2016-4793. The attack may be launched remotely. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in TYPO3 up to 8.1.1. It has been classified as critical. This vulnerability affects unknown code of the component ExtbasE. Performing a manipulation results in 7pk security features. This vulnerability is known as CVE-2016-5091. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in KeePass up to 2.33. It has been declared as critical. This issue affects some unknown processing of the component Automatic Update. Executing a manipulation can lead to improper input validation. This vulnerability is handled as CVE-2016-5119. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Oracle Primavera Unifier 16.x/17.x/18.x. This affects an unknown part of the component Moment. This manipulation causes improper resource management. This vulnerability is registered as CVE-2016-4055. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Editor’s note: The analysis is authored by Moises Cerqueira, malware researcher & threat hunter. You can find Moises on LinkedIn and X. Credential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especially dangerous because they target the operational […]

The post LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises appeared first on ANY.RUN's Cybersecurity Blog.

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke

NGINX 18年漏洞已公开

Четыре группировки взяли под контроль почти половину всех атак с шифрованием данных.

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. These outputs

Зачем строить свою инфраструктуру, если есть обычный файлообменник для всех?

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight skills, and several supporting tools targeting the loop developers run dozens of times a day: scaffold, build, run, test, iterate. Native Windows app development with WinUI 3 pulls together several moving parts that rarely sit cleanly together for … More →

The post Microsoft’s WinUI agent plugin trims token use by over 70% during development appeared first on Help Net Security.

近日，绿盟科技CERT监测到Nginx和F5发布安全公告，修复了Nginx远程代码执行漏洞（CVE-2026-42945）；CVSS评分9.2，目前漏洞细节与PoC已公开，请相关用户尽快采取措施进行防护。