Aggregator

CVE-2026-3465 | Tuya App/SDK 24.07.11 on Android JSON Data Point cruise_time denial of service (EUVD-2026-9297)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Tuya App and SDK 24.07.11 on Android. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruise_time causes denial of service. This vulnerability is registered as CVE-2026-3465. Remote exploitation of the attack is possible. Furthermore, an exploit is available. There is ongoing doubt regarding the real existence of this vulnerability. The vendor disagrees with the conclusion of the finding: "The described vulnerability fails to prove its feasibility or exploitability by attackers. The issue essentially does not constitute a security vulnerability, aligning more closely with abnormal product functionality." These considerations are properly reflected within the CVSS vector.
vuldb.com

Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM

Cyber Security News
1 month 3 weeks ago

San Francisco, CA, United States, March 3rd, 2026, CyberNewswire Archipelo and Checkmarx today announced a technical partnership focused on correlating application vulnerability findings with development-origin context within modern software delivery workflows. Application security platforms identify and prioritize vulnerabilities across repositories and pipelines. These systems indicate where risk exists but typically do not capture how a […]

The post Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM appeared first on Cyber Security News.

Cybernewswire

CVE-2026-1566 | LatePoint Plugin up to 5.2.7 on WordPress wordpress_user_id password recovery (EUVD-2026-9269 / CNNVD-202603-243)

Vuldb Updates
1 month 3 weeks ago
A vulnerability labeled as critical has been found in LatePoint Plugin up to 5.2.7 on WordPress. The impacted element is an unknown function. Such manipulation of the argument wordpress_user_id leads to weak password recovery. This vulnerability is traded as CVE-2026-1566. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2026-1336 | Ays Pro AI ChatBot with ChatGPT and Content Generator Plugin store_data/get_chatgpt_api_key authorization (EUVD-2026-9268 / CNNVD-202603-244)

Vuldb Updates
1 month 3 weeks ago
A vulnerability, which was classified as problematic, was found in Ays Pro AI ChatBot with ChatGPT and Content Generator Plugin up to 2.7.5/2.7.6 on WordPress. Affected by this vulnerability is the function store_data/get_chatgpt_api_key. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-1336. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2026-1747 | GitLab Enterprise Edition up to 18.7.4/18.8.4/18.9.0 authentication bypass (Issue 588385 / Nessus ID 300301)

Vuldb Updates
1 month 3 weeks ago
A vulnerability classified as critical has been found in GitLab Enterprise Edition up to 18.7.4/18.8.4/18.9.0. Affected is an unknown function. The manipulation leads to authentication bypass using alternate channel. This vulnerability is referenced as CVE-2026-1747. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-26132 | dottie up to 2.0.3 /dottie.js set Current prototype pollution (Nessus ID 300393)

Vuldb Updates
1 month 3 weeks ago
A vulnerability marked as problematic has been reported in dottie up to 2.0.3. The affected element is the function Set of the file /dottie.js. This manipulation of the argument Current causes improperly controlled modification of object prototype attributes. This vulnerability appears as CVE-2023-26132. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-27631 | exiv2 up to 0.28.7 Command Line max_size denial of service (EUVD-2026-9263 / Nessus ID 300392)

Vuldb Updates
1 month 3 weeks ago
A vulnerability classified as problematic has been found in exiv2 up to 0.28.7. This affects the function max_size of the component Command Line Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-27631. The attack can only be performed from a local environment. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-27837 | mickhansen dottie.js up to 2.0.6 set prototype pollution (GHSA-4gxf-g5gf-22h4 / Nessus ID 300393)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in mickhansen dottie.js up to 2.0.6. It has been rated as critical. Impacted is the function Set. This manipulation causes improperly controlled modification of object prototype attributes. This vulnerability is registered as CVE-2026-27837. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.
vuldb.com

Frictionless Banking Experiences Start with Observability

Netscout
1 month 3 weeks ago
A transaction either works or it doesn’t. High-profile banking outages have shown that service failures can affect millions of customers and lead to regulatory fines and compensation. Frictionless banking depends on systems that behave predictably under real-world stress. That requires observability across transaction...
Anthony Cote

New ‘StegaBin’ Campaign Uses Malicious 26 npm Packages to Deploy Multi-Stage Credential Stealer

Cyber Security News
1 month 3 weeks ago

A new software supply-chain attack is abusing the npm ecosystem today, where a single mistaken dependency can quietly open a door into a developer’s machine. The activity, tracked as “StegaBin,” mixes familiar tricks like typosquatting with a staged delivery path that runs during installation and keeps the theft out of sight.​ In this wave, 26 […]

The post New ‘StegaBin’ Campaign Uses Malicious 26 npm Packages to Deploy Multi-Stage Credential Stealer appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2023-28432

CVE Trends
1 month 3 weeks ago
Currently trending CVE - Hype Score: 1 - Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in ...

Managed ad