Aggregator

A vulnerability classified as critical has been found in Everon api.everon.io. This vulnerability affects unknown code of the component WebSocket Endpoint. This manipulation causes missing authentication. This vulnerability is registered as CVE-2026-26288. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in Mobiliti e-mobi.hu. This affects an unknown part of the component WebSocket Endpoint. The manipulation results in missing authentication. This vulnerability is cataloged as CVE-2026-26051. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in Everon api.everon.io. Affected by this issue is some unknown functionality of the component WebSocket Application Programming Interface. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is listed as CVE-2026-24696. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as problematic has been found in Mobiliti e-mobi.hu. Affected by this vulnerability is an unknown functionality of the component WebSocket Application Programming Interface. Executing a manipulation can lead to improper restriction of excessive authentication attempts. This vulnerability is tracked as CVE-2026-20882. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in Navtor NavBox up to 4.12.0.3. Affected is an unknown function of the component HTTP API Endpoint. Performing a manipulation results in missing authentication. This vulnerability is identified as CVE-2026-2754. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Navtor NavBox up to 4.12.0.3. This impacts an unknown function of the component HTTP Service. Such manipulation leads to absolute path traversal. This vulnerability is referenced as CVE-2026-2753. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Navtor NavBox up to 4.12.0.3. It has been rated as problematic. This affects an unknown function of the file /api/ais-data. This manipulation causes information exposure through error message. The identification of this vulnerability is CVE-2026-2752. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

For the first time, spyware makers topped Google's list of organizations that exploited zero-day flaws in 2025, overtaking nation-state actors from China, Russia, and elsewhere and continuing a trends that Google researchers warned about two years ago.

The post Spyware Makers Topped Google’s List of Zero-Day Exploits for the First Time in 2025 appeared first on Security Boulevard.

Ученые выяснили, что на самом деле может мешать нам установить контакт с внеземными цивилизациями.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]

Wi-Fi client isolation，一个美丽的谎言

На смену грубой силе пришёл холодный расчёт.

数十年来，卫星、无人机与人工侦察员，始终是战争中监视与侦察体系的核心工具。

GLP-1 减肥药已经改变了无数肥胖者的生活，但停用减肥药的人通常会恢复大部分减轻的体重。GLP-1 减肥药价格不菲，如果需要终身服药那么这就给服用者带来了经济上的巨大负担。发表在《Obesity》的一项研究探讨了如何在减肥的同时减少减肥药支出的可能性。小规模实验发现，减少 GLP-1 减肥药的服用间隔仍然维持减肥效果。30 名服用减肥药的人参与了研究，23 人将服药间隔改为两周或至少 10 天，另外 7 人服药间隔更长。研究人员发现，几乎所有人减肥后的 BMI 指数都保持稳定，只有 5 人体重略有回升。有 4 人在体重再次增加后恢复到了原来的服药方案。研究人员表示需要扩大规模验证这项发现。

A bank, an airport, a non-profit and the Israeli branch of a US software company were among the targets of this new MuddyWater campaign

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise. […]

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like