Aggregator

CVE-2026-3236 | Octopus Deploy Octopus Server up to 2025.3.14760/2025.4.10408 New API Key authorization (EUVD-2026-9817 / WID-SEC-2026-0613)

VulDB Recent Entries
1 month 1 week ago
A vulnerability classified as critical has been found in Octopus Deploy Octopus Server up to 2025.3.14760/2025.4.10408. Affected by this vulnerability is an unknown functionality of the component New API Key Handler. Performing a manipulation results in incorrect authorization. This vulnerability was named CVE-2026-3236. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-1605 | Eclipse Jetty up to 12.0.31/12.1.5 HTTP Request resource consumption (GHSA-xxh7-fcf3-rj7f / EUVD-2026-9815)

VulDB Recent Entries
1 month 1 week ago
A vulnerability described as problematic has been identified in Eclipse Jetty up to 12.0.31/12.1.5. Affected is an unknown function of the component HTTP Request Handler. Such manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2026-1605. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2025-11143 | Eclipse Jetty up to 9.4.58/10.0.26/11.0.26/12.0.30/12.1.4 URI Parser input validation (GHSA-wjpw-4j6x-6rwh)

VulDB Recent Entries
1 month 1 week ago
A vulnerability marked as problematic has been reported in Eclipse Jetty up to 9.4.58/10.0.26/11.0.26/12.0.30/12.1.4. This impacts an unknown function of the component URI Parser. This manipulation causes improper input validation. This vulnerability is handled as CVE-2025-11143. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2025-59059

CVE Trends
1 month 1 week ago
Currently trending CVE - Hype Score: 1 - Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

CVE-2025-54136

CVE Trends
1 month 1 week ago
Currently trending CVE - Hype Score: 8 - Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's ...

Pear

Dark Feed IO
1 month 1 week ago

You must login to view this content

cohenido

That attractive online ad might be a malware trap

Help Net Security
1 month 1 week ago

Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside marketing traffic. The financial impact of these threats continues to grow. Estimated consumer and business losses in the United States tied to malware, scams, and ad-borne fraud exceeded $12.5 billion in 2025. Exposure also remains … More →

The post That attractive online ad might be a malware trap appeared first on Help Net Security.

Anamarija Pogorelec

LilacCTF2026 Writeup

先知技术社区
1 month 1 week ago
本届 LilacCTF 2026由XCTF联赛的合作单位哈尔滨工业大学 Lilac 战队组织,由赛宁网安提供技术支持。作为第十届XCTF国际联赛的分站赛,本次比赛将采用在线网络安全夺旗挑战赛的形式,面向全球开放

Threat Actors Intensify Targeting of IP Cameras Across Middle East Amid Ongoing Conflict

Cyber Security News
1 month 1 week ago

Cyberattacks linked to Iranian threat actors are taking on a new and alarming form in the ongoing Middle East conflict. Since late February 2026, a coordinated campaign to compromise internet-connected IP cameras has been underway across multiple countries in the region, raising serious concerns about how cyber operations are being actively used to support physical […]

The post Threat Actors Intensify Targeting of IP Cameras Across Middle East Amid Ongoing Conflict appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad