Aggregator

A vulnerability was found in Microsoft SharePoint Server 2.0/16.0.5548.1003/16.0.5552.1002 and classified as problematic. This affects an unknown function. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-45467. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Microsoft SharePoint Server 2.0/16.0.5548.1003/16.0.5552.1002. It has been classified as problematic. This impacts an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-45468. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Microsoft Excel -/3/5.1/10.0.17763.8880. It has been declared as critical. Affected is an unknown function. Executing a manipulation can lead to integer underflow. This vulnerability is handled as CVE-2026-45469. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability described as problematic has been identified in Microsoft SharePoint Server 2.0/16.0.5548.1003/16.0.5552.1002. Impacted is an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-45479. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Microsoft SharePoint Server 2.0/16.0.5548.1003/16.0.5552.1002. The affected element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-45481. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

Вода под облучением стала "гуще" — и это не метафора, а новый вид трения.

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Washington Pulled the Plug on Anthropic ‘s Fable 5 and Mythos 5 models. The Rest of […]

A vulnerability marked as critical has been reported in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. This vulnerability is reported as CVE-2026-12214. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in SAP Management Console. It has been rated as problematic. This impacts an unknown function. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2022-35226. The attack is possible to be carried out remotely. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability described as problematic has been identified in GNU Binutils 2.38.50. This affects the function read_and_display_attr_value of the file dwarf.c. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2022-35206. The attack needs to be done within the local network. There is no exploit available.

A vulnerability identified as problematic has been detected in GNU Binutils 2.38.50. This impacts the function display_debug_names of the component readelf. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2022-35205. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability was found in Sitevision up to 10.3.1. It has been classified as problematic. This affects an unknown function. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2022-35202. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Boodskap IoT Platform 4.4.9-02. Impacted is an unknown function of the component API Request Handler. Executing a manipulation can lead to improper authentication. This vulnerability is registered as CVE-2022-35136. The attack requires access to the local network. No exploit is available.

Submit #833135 / VDB-370858

A vulnerability labeled as critical has been found in SHLOMIF Config::IniFiles up to 3.999 on Perl. This affects the function Open. Such manipulation of the argument thing leads to os command injection. This vulnerability is documented as CVE-2026-11527. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in RURBAN GD up to 2.85 on Perl. Affected by this issue is the function Open. This manipulation of the argument filename causes os command injection. This vulnerability is registered as CVE-2026-11526. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. This vulnerability is cataloged as CVE-2026-12213. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. It has been rated as critical. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-12212. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. It has been declared as critical. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. This vulnerability is tracked as CVE-2026-12211. The attack can be launched remotely. Moreover, an exploit is present. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Submit #832974 / VDB-370855