Aggregator

CVE-2026-27631 | exiv2 up to 0.28.7 Command Line max_size denial of service (EUVD-2026-9263 / Nessus ID 300392)

Vuldb Updates
1 month 1 week ago
A vulnerability classified as problematic has been found in exiv2 up to 0.28.7. This affects the function max_size of the component Command Line Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-27631. The attack can only be performed from a local environment. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-27837 | mickhansen dottie.js up to 2.0.6 set prototype pollution (GHSA-4gxf-g5gf-22h4 / Nessus ID 300393)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in mickhansen dottie.js up to 2.0.6. It has been rated as critical. Impacted is the function Set. This manipulation causes improperly controlled modification of object prototype attributes. This vulnerability is registered as CVE-2026-27837. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.
vuldb.com

Frictionless Banking Experiences Start with Observability

Netscout
1 month 1 week ago
A transaction either works or it doesn’t. High-profile banking outages have shown that service failures can affect millions of customers and lead to regulatory fines and compensation. Frictionless banking depends on systems that behave predictably under real-world stress. That requires observability across transaction...
Anthony Cote

New ‘StegaBin’ Campaign Uses Malicious 26 npm Packages to Deploy Multi-Stage Credential Stealer

Cyber Security News
1 month 1 week ago

A new software supply-chain attack is abusing the npm ecosystem today, where a single mistaken dependency can quietly open a door into a developer’s machine. The activity, tracked as “StegaBin,” mixes familiar tricks like typosquatting with a staged delivery path that runs during installation and keeps the theft out of sight.​ In this wave, 26 […]

The post New ‘StegaBin’ Campaign Uses Malicious 26 npm Packages to Deploy Multi-Stage Credential Stealer appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2023-28432

CVE Trends
1 month 1 week ago
Currently trending CVE - Hype Score: 1 - Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in ...

INC

Dark Feed IO
1 month 1 week ago

You must login to view this content

cohenido

Managed ad