Aggregator

OptimizerAI Database Leaked With 118,000 User Records and 1.1 Million AI Generated Sounds

A vulnerability has been found in Statamic CMS up to 5.73.10/6.3.x and classified as critical. This issue affects some unknown processing. This manipulation causes code injection. This vulnerability appears as CVE-2026-28425. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Statamic CMS up to 5.73.10/6.3.x. It has been declared as problematic. The impacted element is an unknown function. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2026-28424. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Statamic CMS up to 5.73.10/6.3.x. This impacts an unknown function. The manipulation results in server-side request forgery. This vulnerability was named CVE-2026-28423. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in openDCIM up to 23.04. Affected by this vulnerability is the function exec of the file report_network_map.php of the component Configuration Parameter Handler. Executing a manipulation of the argument dot can lead to os command injection. This vulnerability appears as CVE-2026-28517. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.

A vulnerability classified as critical has been found in openDCIM up to 23.04. This affects an unknown function of the component LDAP Configuration Handler. This manipulation of the argument REMOTE_USER causes missing authorization. This vulnerability is registered as CVE-2026-28515. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in openDCIM up to 23.04. Affected is the function Config::UpdateParameter. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-28516. The attack is possible to be carried out remotely. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Dhrumil Kumbhani Featured Image from Content Plugin up to 1.6 on WordPress. It has been classified as critical. This vulnerability affects unknown code. This manipulation causes server-side request forgery. This vulnerability is handled as CVE-2026-27759. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Statamic CMS up to 5.73.10/6.3.x. It has been rated as problematic. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-28426. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in VMware Aria Operations, Cloud Foundationcust, Telco Cloud Platform and Telco Cloud Infrastructure. Affected by this vulnerability is an unknown functionality. The manipulation leads to command injection. This vulnerability is documented as CVE-2026-22719. The attack can be initiated remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

Shiraume Hospital Patient Data Allegedly Leaked With Full Medical Records and PII

Currently trending CVE - Hype Score: 1 - Microsoft Outlook Elevation of Privilege Vulnerability

Iranian Cyberespionage Group MuddyWater Goes Dark
Physical effects rather than cyber strikes are triggering Middle Eastern connectivity problems during day four of a sustained U.S. and Israeli bombing campaign against Iran. Iran is responding with drone and missile attacks targeting U.S. military as well as British bases in Bahrain, Cyprus.

CEOs and CISOs on Dealing With the ‘Work From Anywhere’ Challenge
In this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in.

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. [...]

Through a simple calendar invite, AI browsers like Comet can be directed to access local file systems, browse directories, open and read files, and exfiltrate data.

The post Researchers discover suite of agentic AI browser vulnerabilities appeared first on CyberScoop.

Like many other features and systems in modern cars, tire pressure sensors leak sensitive data that can be abused by threat actors.