Aggregator

CVE-2026-43291 | Linux Kernel up to 6.19.5 net uninitialized pointer (WID-SEC-2026-1454)

Vuldb Updates
9 hours 5 minutes ago
A vulnerability was found in Linux Kernel up to 6.19.5 and classified as critical. This issue affects some unknown processing of the component net. The manipulation results in uninitialized pointer. This vulnerability was named CVE-2026-43291. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-43292 | Linux Kernel up to 6.12.74/6.18.15/6.19.5 purge_vmap_node infinite loop (Nessus ID 318589 / WID-SEC-2026-1454)

Vuldb Updates
9 hours 5 minutes ago
A vulnerability was found in Linux Kernel up to 6.12.74/6.18.15/6.19.5. It has been classified as critical. This affects the function purge_vmap_node. Performing a manipulation results in infinite loop. This vulnerability was named CVE-2026-43292. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-43290 | Linux Kernel up to 6.18.15/6.19.5 media /dev/video0 start_streaming buffer overflow (WID-SEC-2026-1454)

Vuldb Updates
9 hours 5 minutes ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.15/6.19.5. This affects the function start_streaming of the file /dev/video0 of the component media. Executing a manipulation can lead to buffer overflow. This vulnerability is tracked as CVE-2026-43290. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-43289 | Linux Kernel up to 6.19.5 kernel/kexec_file.c kexec_load_purgatory privilege escalation (Nessus ID 318589 / WID-SEC-2026-1454)

Vuldb Updates
9 hours 5 minutes ago
A vulnerability was found in Linux Kernel up to 6.19.5 and classified as critical. The impacted element is the function kexec_load_purgatory of the file kernel/kexec_file.c. Such manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2026-43289. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-43288 | Linux Kernel up to 6.6.127/6.12.74/6.18.15/6.19.5 ext4 ext4_percpu_param_init memory corruption (WID-SEC-2026-1454)

Vuldb Updates
9 hours 5 minutes ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.6.127/6.12.74/6.18.15/6.19.5. Affected by this issue is the function ext4_percpu_param_init of the component ext4. Such manipulation leads to memory corruption. This vulnerability is documented as CVE-2026-43288. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

SHADOWBYT3$ Allegedly Claim Breach of Nintendo, Stealing Sensitive Data

Cyber Security News
9 hours 8 minutes ago

Threat intelligence sources have reported that the threat actor group SHADOWBYT3$ has allegedly breached Nintendo, claiming to have exfiltrated approximately 859 MB of sensitive internal data. The incident, first observed on June 13, 2026, remains unverified at the time of writing. However, early details suggest potential exposure of employee-related information. The alleged breach is linked […]

The post SHADOWBYT3$ Allegedly Claim Breach of Nintendo, Stealing Sensitive Data appeared first on Cyber Security News.

Abinaya

Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users

Cyber Security News
9 hours 58 minutes ago

Anthropic has updated its privacy policy for Claude, adding explicit terminology that allows the company to perform age and identity verification on consumer users. The change signals a tighter security and compliance stance across Claude Free, Pro, and Max plans. It is scheduled to take effect on July 8, 2026. In the revised policy, Anthropic […]

The post Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users appeared first on Cyber Security News.

Abinaya

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

The Hackers News
10 hours 4 minutes ago
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were
The Hacker News

CVE-2026-40992 | Vmware Spring Boot up to 3.4.16/3.5.14/4.0.6 Configuration certificate validation (CNNVD-202606-3065)

Vuldb Updates
10 hours 6 minutes ago
A vulnerability was found in Vmware Spring Boot up to 3.4.16/3.5.14/4.0.6. It has been classified as problematic. Affected is an unknown function of the component Configuration Handler. Performing a manipulation results in improper certificate validation. This vulnerability is reported as CVE-2026-40992. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-40986 | Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0 cross site scripting (CNNVD-202606-3067)

Vuldb Updates
10 hours 6 minutes ago
A vulnerability marked as problematic has been reported in Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0. Impacted is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-40986. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-40987 | Vmware Spring Integration up to 7.0.4 /SFTP/SMB path traversal (CNNVD-202606-3066)

Vuldb Updates
10 hours 6 minutes ago
A vulnerability described as critical has been identified in Vmware Spring Integration up to 5.5.20/6.3.14/6.4.11/6.5.8/7.0.4. The affected element is an unknown function of the file /SFTP/SMB. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2026-40987. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-10795 | davidanderson UpdraftPlus Plugin up to 1.26.4 on WordPress wp_loaded signature verification (EUVD-2026-36215 / CNNVD-202606-3068)

Vuldb Updates
10 hours 6 minutes ago
A vulnerability, which was classified as problematic, was found in davidanderson UpdraftPlus Plugin up to 1.26.4 on WordPress. The impacted element is the function UpdraftPlus_Remote_Communications_V2::wp_loaded. The manipulation results in improper verification of cryptographic signature. This vulnerability is cataloged as CVE-2026-10795. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2026-2827 | 100plugins Open User Map PRO Plugin up to 1.4.31 on WordPress versions oum_location_notification cross site scripting (EUVD-2026-36198 / CNNVD-202606-3071)

Vuldb Updates
10 hours 6 minutes ago
A vulnerability categorized as problematic has been discovered in 100plugins Open User Map PRO Plugin up to 1.4.31 on WordPress. This issue affects the function versions. The manipulation of the argument oum_location_notification results in cross site scripting. This vulnerability was named CVE-2026-2827. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools 8.61/8.62 Updates Environment Management missing authentication (EUVD-2026-36199 / CNNVD-202606-3070)

Vuldb Updates
10 hours 6 minutes ago
A vulnerability labeled as very critical has been found in Oracle PeopleSoft Enterprise PeopleTools 8.61/8.62. The affected element is an unknown function of the component Updates Environment Management. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-35273. It is possible to launch the attack remotely. Furthermore, an exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-40985 | Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0 expression language injection (EUVD-2026-36200 / CNNVD-202606-3069)

Vuldb Updates
10 hours 6 minutes ago
A vulnerability was found in Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes improper neutralization of special elements used in an expression language statement. This vulnerability appears as CVE-2026-40985. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

Managed ad