Aggregator

CVE-2026-1835 | lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb cross-site request forgery (CNNVD-202602-760)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2026-1835. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.
vuldb.com

CVE-2025-67857 | Moodle up to 4.1.21/4.4.11/4.5.7/5.0.3/5.1.0 Anonymous Assignment Submissions insertion of sensitive information into sent data (Nessus ID 297929)

Vuldb Updates
3 months 1 week ago
A vulnerability labeled as problematic has been found in Moodle up to 4.1.21/4.4.11/4.5.7/5.0.3/5.1.0. This vulnerability affects unknown code of the component Anonymous Assignment Submissions. The manipulation results in insertion of sensitive information into sent data. This vulnerability is reported as CVE-2025-67857. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2026-25237 | pear pearweb up to 1.32.x preg_replace /e executable regular expression error (GHSA-vhw6-hqh9-8r23 / Nessus ID 297928)

Vuldb Updates
3 months 1 week ago
A vulnerability categorized as critical has been discovered in pear pearweb up to 1.32.x. Affected by this vulnerability is the function preg_replace. The manipulation of the argument /e results in executable regular expression error. This vulnerability was named CVE-2026-25237. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-23044 | Linux Kernel up to 6.18.5/6.19-rc4 crypto_alloc_acomp null pointer dereference (Nessus ID 297930 / WID-SEC-2026-0324)

Vuldb Updates
3 months 1 week ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.18.5/6.19-rc4. This issue affects the function crypto_alloc_acomp. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2026-23044. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-23040 | Linux Kernel up to 6.18.5/6.19-rc4 wifi mac80211_hwsim null pointer dereference (Nessus ID 297932 / WID-SEC-2026-0324)

Vuldb Updates
3 months 1 week ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.5/6.19-rc4. This affects the function mac80211_hwsim of the component wifi. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2026-23040. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

Akira

Dark Feed IO
3 months 1 week ago

You must login to view this content

cohenido

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

Help Net Security
3 months 1 week ago

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit Broadcom fixed CVE-2025-22225, CVE-2025-22224 (a heap overflow vulnerability) and CVE-2025-22226 (an information disclosure flaw) in VMware ESXi, Workstation, and Fusion in early March 2025. At the time of their disclosure, Broadcom said that they have information … More →

The post CISA confirms exploitation of VMware ESXi flaw by ransomware attackers appeared first on Help Net Security.

Zeljka Zorz

Betterment Data Breach Exposes 1.4 million Customers Personal Details

Cyber Security News
3 months 1 week ago

Betterment has disclosed a social engineering–driven data breach that exposed personal information for approximately 1.4 million customer accounts, significantly expanding the fallout from a January 2026 security incident tied to fraudulent crypto scam messages. In early January 2026, Betterment, a leading automated investment and robo‑advisory platform, detected unauthorized access to systems used for customer communications […]

The post Betterment Data Breach Exposes 1.4 million Customers Personal Details appeared first on Cyber Security News.

Guru Baran

CVE-2026-1991 | libuvc up to 0.0.7 UVC Descriptor src/device.c uvc_scan_streaming null pointer dereference (Issue 300)

VulDB Recent Entries
3 months 1 week ago
A vulnerability labeled as problematic has been found in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-1991. The attack needs to be approached locally. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Attackers Mimic RTO Challan Notifications to Deliver Android Malware

Cyber Security News
3 months 1 week ago

A sophisticated Android malware campaign targeting Indian users has emerged, disguising itself as legitimate Regional Transport Office (RTO) challan notifications. The malicious applications are distributed outside the Google Play Store, primarily through WhatsApp and similar messaging platforms, exploiting user trust in government services. Threat actors send fake traffic violation alerts to victims, instructing them to […]

The post Attackers Mimic RTO Challan Notifications to Deliver Android Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-1990 | oatpp up to 1.3.1 Type.hpp ObjectWrapper null pointer dereference (Issue 1080)

VulDB Recent Entries
3 months 1 week ago
A vulnerability identified as problematic has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2026-1990. Local access is required to approach this attack. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Managed ad