Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc2. This affects the function __io_openat_prep. The manipulation results in memory leak. This vulnerability is known as CVE-2025-68814. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. Affected is the function __ip_vs_get_out_rt in the library include/linux/inetdevice.h. Executing a manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2025-68813. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. Affected by this issue is the function vidtv_channel_si_init of the component media. The manipulation results in use after free. This vulnerability is cataloged as CVE-2025-68808. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. This vulnerability is cataloged as CVE-2026-2206. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in WeKan up to 8.20 and classified as problematic. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-2208. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability has been found in D-Link DCS-933L up to 1.14.11 and classified as critical. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2026-2218. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Praskla-Technology assessment-placipy 1.0.0. It has been rated as critical. This vulnerability affects unknown code of the file backend/src/routes/student.routes.ts. Performing a manipulation results in missing authorization. This vulnerability is identified as CVE-2026-25806. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in Praskla-Technology assessment-placipy 1.0.0. This affects an unknown function of the file backend/src/routes/student.submission.routes.ts. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-25810. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in Praskla-Technology assessment-placipy 1.0.0. Affected by this vulnerability is an unknown functionality of the file backend/src/routes/results.routes.ts. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-25876. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability identified as critical has been detected in Praskla-Technology assessment-placipy 1.0.0. This affects an unknown function of the component Code Evaluation Endpoint. This manipulation causes improper authorization. This vulnerability is tracked as CVE-2026-25809. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as critical has been reported in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. This vulnerability is listed as CVE-2026-2173. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. This vulnerability is cataloged as CVE-2026-2174. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. This vulnerability is documented as CVE-2026-2176. The attack can be executed remotely. There is not any exploit available.

Почему крупнейший хостинг IT-проектов в мире перестал быть стабильным.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346

A critical denial-of-service (DoS) flaw in Palo Alto Networks’ PAN-OS software could let unauthenticated attackers crash firewalls into endless reboot cycles, potentially crippling enterprise networks. Dubbed CVE-2026-0229, the vulnerability lurks in the Advanced DNS Security (ADNS) feature. An attacker sends a maliciously crafted packet to trigger a system reboot. Repeated exploitation forces the firewall into […]

The post Palo Alto Networks Firewall Vulnerability Allows an Attacker to Force Firewalls into a Reboot Loop appeared first on Cyber Security News.

Пекин построил виртуальный мир, чтобы научиться ломать настоящий.

In this Help Net Security, Chris O’Ferrell, CEO at CodeHunter, talks about why malware keeps succeeding, where attackers insert malicious code in the SDLC, and how CI/CD pipelines can become a quiet entry point. He also breaks down the difference between behavioral detection and behavioral intent analysis, and why explainable results matter for security teams. What is the most common reason modern malware succeeds even in organizations with mature EDR and threat intel programs? Modern … More →

The post When security decisions come too late, and attackers know it appeared first on Help Net Security.

Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to systematically probe models and replicate their logic and reasoning. [...]