Aggregator

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

The Hackers News
2 months ago
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention to. AI-powered command
The Hacker News

CVE-2026-3261 | itsourcecode School Management System 1.0 Setting /settings/index.php ID sql injection

VulDB Recent Entries
2 months ago
A vulnerability classified as critical has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2026-3261. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-2680 | A3factura Web Platform 4.111.2-rev.1 salesDeliveryNotes customerVATNumber cross site scripting (EUVD-2026-8852)

VulDB Recent Entries
2 months ago
A vulnerability described as problematic has been identified in A3factura Web Platform 4.111.2-rev.1. This affects an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes. The manipulation of the argument customerVATNumber results in cross site scripting. This vulnerability is reported as CVE-2026-2680. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2026-2679 | A3factura Web Platform 4.111.2-rev.1 salesInvoices customerName cross site scripting (EUVD-2026-8851)

VulDB Recent Entries
2 months ago
A vulnerability marked as problematic has been reported in A3factura Web Platform 4.111.2-rev.1. The impacted element is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/salesInvoices. The manipulation of the argument customerName leads to cross site scripting. This vulnerability is documented as CVE-2026-2679. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2026-2678 | A3factura Web Platform 4.111.2-rev.1 on A3factura customers Name cross site scripting (EUVD-2026-8850)

VulDB Recent Entries
2 months ago
A vulnerability labeled as problematic has been found in A3factura Web Platform 4.111.2-rev.1 on A3factura. The affected element is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/customers. Executing a manipulation of the argument Name can lead to cross site scripting. This vulnerability is registered as CVE-2026-2678. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2026-2677 | A3factura Web Platform 4.111.2-rev.1 representatives-management Name cross site scripting (EUVD-2026-8849)

VulDB Recent Entries
2 months ago
A vulnerability identified as problematic has been detected in A3factura Web Platform 4.111.2-rev.1. Impacted is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/representatives-management. Performing a manipulation of the argument Name results in cross site scripting. This vulnerability is cataloged as CVE-2026-2677. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2026-1198 | Simple SA Simple.ERP up to [email protected]_u05 Obroty na kontach search sql injection

VulDB Recent Entries
2 months ago
A vulnerability was found in Simple SA Simple.ERP up to [email protected]_u05. It has been rated as critical. This vulnerability affects the function Search of the component Obroty na kontach. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-1198. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2025-64999 | Checkmk up to 2.3.0p42/2.4.0p21 Synthetic Monitoring HTML Log HTML injection

VulDB Recent Entries
2 months ago
A vulnerability was found in Checkmk up to 2.3.0p42/2.4.0p21. It has been declared as problematic. This affects an unknown part of the component Synthetic Monitoring HTML Log. The manipulation results in HTML injection. This vulnerability is identified as CVE-2025-64999. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

Sophisticated SeaFlower Backdoor Campaign Targets Web3 Wallets to Steal Seed Phrases

Cyber Security News
2 months ago

A highly sophisticated and previously unreported threat campaign dubbed SeaFlower (藏海花) has been actively targeting users of popular Web3 cryptocurrency wallets, embedding stealthy backdoors into cloned versions of legitimate applications to silently steal seed phrases and drain victims’ funds. The campaign is considered one of the most technically advanced threats to Web3 users ever documented, […]

The post Sophisticated SeaFlower Backdoor Campaign Targets Web3 Wallets to Steal Seed Phrases appeared first on Cyber Security News.

Tushar Subhra Dutta

Wireshark 4.6.4 Released With Fix for Multiple Security Vulnerabilities

Cyber Security News
2 months ago

The Wireshark Foundation has officially released Wireshark 4.6.4, a significant maintenance update for the world’s most popular network protocol analyzer. This release addresses multiple security vulnerabilities and resolves various functional bugs that could impact stability and performance. Network administrators, security analysts, and developers rely on Wireshark for troubleshooting and education. This update is particularly critical […]

The post Wireshark 4.6.4 Released With Fix for Multiple Security Vulnerabilities appeared first on Cyber Security News.

Abinaya

Managed ad