Aggregator

CVE-2026-2878 | Progress Telerik UI for ASP.NET AJAX 2021.1.224/2025.1.416 File Content RadAsyncUpload entropy

VulDB Recent Entries
2 months ago
A vulnerability was found in Progress Telerik UI for ASP.NET AJAX 2021.1.224/2025.1.416. It has been classified as problematic. This vulnerability affects the function RadAsyncUpload of the component File Content Handler. This manipulation causes insufficient entropy. The identification of this vulnerability is CVE-2026-2878. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-12543

CVE Trends
2 months ago
Currently trending CVE - Hype Score: 1 - A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are ...

CVE-2025-62518

CVE Trends
2 months ago
Currently trending CVE - Hype Score: 3 - astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When ...

CVE-2026-27692 | InternationalColorConsortium iccDEV up to 2.3.1.4 Release out-of-bounds

VulDB Recent Entries
2 months ago
A vulnerability has been found in InternationalColorConsortium iccDEV up to 2.3.1.4 and classified as critical. Affected by this issue is the function CIccTagTextDescription::Release. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2026-27692. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.
vuldb.com

CVE-2026-27695 | zeroae zae-limiter up to 0.10.0 allocation of resources

VulDB Recent Entries
2 months ago
A vulnerability, which was classified as problematic, was found in zeroae zae-limiter up to 0.10.0. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to allocation of resources. This vulnerability is handled as CVE-2026-27695. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

The Hackers News
2 months ago
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to
The Hacker News

Netskope NewEdge AI Fast Path reduces latency for enterprise AI workloads

Help Net Security
2 months ago

Netskope has announced NewEdge AI Fast Path, a set of capabilities designed to optimize network paths to critical AI destinations, including applications hosted in public, private, or neo-cloud environments. The offering reduces latency and costs, improves performance and resilience, and delivers a secure experience for teams using AI applications or enterprises adopting agentic AI. Eliminating the “security vs. speed” dilemma The gap between AI expectations and reality is widening, and a recent survey revealed that … More →

The post Netskope NewEdge AI Fast Path reduces latency for enterprise AI workloads appeared first on Help Net Security.

Industry News

CVE-2026-3062 | Google Chrome up to 145.0.7632.109 on macOS Tint out-of-bounds write (ID 483751 / Nessus ID 299807)

Vuldb Updates
2 months ago
A vulnerability, which was classified as critical, was found in Google Chrome on macOS. This affects an unknown part of the component Tint. Such manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-3062. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

Managed ad