Aggregator

A vulnerability was found in Pimcore 1.4.9/1.5.0/2.1.0. It has been declared as critical. This affects the function getObjectByToken of the file Newsletter.php. Executing a manipulation can lead to improper input validation. This vulnerability appears as CVE-2014-2922. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Asus RT-AC68U -/3.0.0.4.374.4755/3.0.0.4.374 4561/3.0.0.4.374 4887. It has been rated as critical. This impacts an unknown function of the file Main_Analysis_Content.asp of the component Firmware. The manipulation leads to os command injection. This vulnerability is traded as CVE-2013-5948. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in json-c up to 0.11. Affected is an unknown function. The manipulation results in memory corruption. This vulnerability is known as CVE-2013-6370. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in json-c up to 0.11. Affected by this vulnerability is an unknown functionality. This manipulation causes cryptographic issues. This vulnerability is handled as CVE-2013-6371. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Automattic Jetpack. Affected by this issue is some unknown functionality. Such manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2014-0173. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in FitNesse Wiki 20131110/20140201. This affects an unknown part. Performing a manipulation of the argument pageContent results in command injection. This vulnerability was named CVE-2014-1216. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in vTiger CRM 6.0.0. This vulnerability affects unknown code. Executing a manipulation can lead to improper input validation. The identification of this vulnerability is CVE-2014-2269. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according to the F-Secure Scam Intelligence & Impacts Report 2026. Most common channels for scam attempts (Source: F-Secure) The United States recorded the highest exposure levels among surveyed markets. Younger consumers reported higher scam activity … More →

The post The scam economy has found its AI upgrade appeared first on Help Net Security.

Currently trending CVE - Hype Score: 1 - Bio.Entrez in Biopython through 186 allows doctype XXE.

Currently trending CVE - Hype Score: 1 - Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the ...

Чтобы украсть чужие секреты, теперь не требуется даже пароль.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. At the end of April, attackers rapidly exploited the critical […]

A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. [...]

OpenAI придумала, как продать пентест корпорациям.

4月│月报 谛听工控安全月报上线了，工信部的最新政策，4月发生的多起工控安全事件，谛听团队收集的最新攻击教据......更多安全资讯，请关注“谛听ditecting",每月更新!

ShinyHunters gets away with emails and other data on 200,000 Zara customers

A vulnerability was found in PHP up to 8.4.20/8.5.5. It has been classified as critical. The impacted element is the function mb_convert_encoding/mb_detect_encoding/mb_convert_variables/mb_detect_order. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2026-6104. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. It has been declared as critical. This affects the function strncat of the component PDO Firebird Driver. Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2025-14179. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. This affects an unknown part of the component SOAP Extension. This manipulation causes use after free. This vulnerability is registered as CVE-2026-6722. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. This issue affects some unknown processing of the component SOAP Request Handler. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2026-7261. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.