The Gentleman
You must login to view this content
Aggregator
China-Nexus Hackers Use Backdoored PAM Modules for Credential Theft and Authentication Bypass
13 hours 45 minutes ago
A sophisticated China-linked threat actor known as Velvet Ant has been running a long-term cyber intrusion inside a major organization’s internal network, going undetected for nearly a decade. The campaign, now called Operation Highland, revealed a level of patience and technical depth rarely seen in publicly documented intrusions. What made this attack particularly alarming was […]
The post China-Nexus Hackers Use Backdoored PAM Modules for Credential Theft and Authentication Bypass appeared first on Cyber Security News.
Tushar Subhra Dutta
Infinite Campus data breach affects 137,000 school staff accounts
13 hours 48 minutes ago
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...]
Sergiu Gatlan
CVE-2026-49757 | team-alembic ash_authentication up to 4.13.x email authentication spoofing (GHSA-777c-2fxx-qr28)
13 hours 51 minutes ago
A vulnerability has been found in team-alembic ash_authentication up to 4.13.x and classified as critical. This issue affects some unknown processing. This manipulation of the argument email causes authentication bypass by spoofing.
This vulnerability is handled as CVE-2026-49757. It is possible to launch the attack on the local host. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-34030 | Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014 Setting file inclusion
13 hours 51 minutes ago
A vulnerability, which was classified as problematic, was found in Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014. This vulnerability affects unknown code of the component Setting Handler. The manipulation results in file inclusion.
This vulnerability is known as CVE-2026-34030. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-5482 | Tecrail Responsive FileManager up to 9.14.0 dialog.php unrestricted upload
13 hours 51 minutes ago
A vulnerability, which was classified as critical, has been found in Tecrail Responsive FileManager up to 9.14.0. This affects an unknown part of the file dialog.php. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is traded as CVE-2026-5482. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-34029 | Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014 Configuration File SafeSystem.Infrastructure.Security.dll hard-coded key
13 hours 52 minutes ago
A vulnerability classified as problematic was found in Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014. Affected by this issue is some unknown functionality in the library SafeSystem.Infrastructure.Security.dll of the component Configuration File Handler. Executing a manipulation can lead to use of hard-coded cryptographic key
.
This vulnerability appears as CVE-2026-34029. The attack requires local access. There is no available exploit.
vuldb.com
CVE-2026-34027 | Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014 uploadcustomdocuments Content-Type unrestricted upload
13 hours 52 minutes ago
A vulnerability classified as critical has been found in Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014. Affected by this vulnerability is an unknown functionality of the file /safe/contract/uploadcustomdocuments. Performing a manipulation of the argument Content-Type results in unrestricted upload.
This vulnerability is reported as CVE-2026-34027. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2026-34025 | Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014 Header X-Forwarded-For authentication spoofing
13 hours 52 minutes ago
A vulnerability described as critical has been identified in Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014. Affected is an unknown function of the component Header Handler. Such manipulation of the argument X-Forwarded-For leads to authentication bypass by spoofing.
This vulnerability is documented as CVE-2026-34025. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-34024 | Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014 Web Application Endpoint authorization
13 hours 52 minutes ago
A vulnerability marked as critical has been reported in Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014. This impacts an unknown function of the component Web Application Endpoint. This manipulation causes missing authorization.
This vulnerability is registered as CVE-2026-34024. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-34021 | Wertheim SafeController 5400 Hardware for VAULT ROOMS 6.11.8130.22320 authentication replay
13 hours 52 minutes ago
A vulnerability labeled as problematic has been found in Wertheim SafeController 5400 Hardware for VAULT ROOMS 6.11.8130.22320. This affects an unknown function. The manipulation results in authentication bypass by capture-replay.
This vulnerability is cataloged as CVE-2026-34021. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-34028 | Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014 HTTP Endpoint Audio direct request
13 hours 53 minutes ago
A vulnerability identified as problematic has been detected in Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014. The impacted element is an unknown function of the file /Resources/CompanyId_[ID]/Audio/ of the component HTTP Endpoint. The manipulation leads to direct request.
This vulnerability is listed as CVE-2026-34028. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-34026 | Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014 Application Log openselfservicedocument documentName path traversal
13 hours 53 minutes ago
A vulnerability categorized as problematic has been discovered in Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014. The affected element is an unknown function of the file /safe/selfservice/openselfservicedocument of the component Application Log Handler. Executing a manipulation of the argument documentName can lead to relative path traversal.
This vulnerability is tracked as CVE-2026-34026. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-34023 | Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014 authorization
13 hours 53 minutes ago
A vulnerability was found in Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014. It has been rated as critical. Impacted is an unknown function. Performing a manipulation results in incorrect authorization.
This vulnerability is identified as CVE-2026-34023. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-34022 | Wertheim SafeController Family 65000 Hardware for VAULT ROOMS Encryption Key hard-coded key
13 hours 53 minutes ago
A vulnerability was found in Wertheim SafeController Family 65000 Hardware for VAULT ROOMS 6.11.8130.22319. It has been declared as problematic. This issue affects some unknown processing of the component Encryption Key Handler. Such manipulation leads to use of hard-coded cryptographic key
.
This vulnerability is referenced as CVE-2026-34022. The attack needs to be initiated within the local network. No exploit is available.
vuldb.com
CVE-2026-12057 | Foxit AI inclusion of functionality from untrusted control sphere
13 hours 53 minutes ago
A vulnerability was found in Foxit AI. It has been classified as critical. This vulnerability affects unknown code. This manipulation causes inclusion of functionality from untrusted control sphere.
The identification of this vulnerability is CVE-2026-12057. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
Один удар — четыре банка. Тегеран вернулся в эпоху бумажных расчётов
13 hours 55 minutes ago
Что кибератака на четыре банка говорит о реальном состоянии иранской финансовой системы.
.
.
CVE-2026-11860 | OpenSolution Quick.CMS up to 6.8 __wakeup/__destruct deserialization
13 hours 55 minutes ago
A vulnerability was found in OpenSolution Quick.CMS up to 6.8 and classified as problematic. This affects the function __wakeup/__destruct. The manipulation results in deserialization.
This vulnerability was named CVE-2026-11860. The attack may be performed from remote. There is no available exploit.
It is best practice to apply a patch to resolve this issue.
vuldb.com
CVE-2026-50100 | Ricoh/Konica Minolta Printer Driver uncontrolled search path
14 hours 9 minutes ago
A vulnerability has been found in Ricoh/Konica Minolta Printer Driver and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to uncontrolled search path.
This vulnerability is uniquely identified as CVE-2026-50100. Local access is required to approach this attack. No exploit exists.
vuldb.com
US Cracks Down on Anthropic AI Models Amid Abuse Concerns
14 hours 10 minutes ago
Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the technology.
Robert Lemos