Aggregator

A vulnerability classified as critical was found in lxc incus up to 6.x. This affects an unknown function of the component OVN Endpoint. Executing a manipulation can lead to improper certificate validation. This vulnerability is tracked as CVE-2026-40243. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Почему сисадмины по всему миру просто пропустили момент вторжения?

A vulnerability classified as problematic has been found in open-telemetry opentelemetry-dotnet-contrib up to 1.15.0. The impacted element is the function HttpJsonPostTransport. Performing a manipulation results in allocation of resources. This vulnerability is identified as CVE-2026-41484. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in PHPOffice PhpSpreadsheet up to 1.30.3/2.1.15/2.4.4/3.10.4/5.6.0. The affected element is an unknown function of the component Placeholder Handler. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-40296. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

Distributed Denial of Service (DDoS) campaign targeted a large-scale user-generated content platform, unleashing over 2.45 billion malicious requests in just five hours. Rather than relying on brute-force methods, the attackers distributed traffic across 1.2 million unique IP addresses. This structural shift exposed a fundamental weakness in traditional rate-limiting defenses. By keeping individual IP request rates extremely […]

The post Massive 2.45B-Request DDoS Attack Used 1.2 Million IPs to Evade Rate Limits appeared first on Cyber Security News.

A CVSS score 7.3 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N severity vulnerability discovered by 'Vladislav Berghici of TrendAI Research' was reported to the affected vendor on: 2026-05-07, 8 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Adam Babis' was reported to the affected vendor on: 2026-05-07, 8 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.6 AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Meshaal (@unrealmesh)' was reported to the affected vendor on: 2026-05-07, 8 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-05-07, 8 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-05-07, 8 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.3 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Peter Gabaldon (https://x.com/PedroGabaldon)' was reported to the affected vendor on: 2026-05-07, 8 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-05-07, 8 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Charbel F.' was reported to the affected vendor on: 2026-05-07, 8 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability marked as problematic has been reported in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2. Impacted is the function createBundle of the file csettings.cfc. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2026-40326. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2. This issue affects the function cTrash.restore. The manipulation of the argument parentid results in cross-site request forgery. This vulnerability was named CVE-2026-40325. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2. This vulnerability affects the function cTrash.empty. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2026-40309. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2. This affects the function cUsers.updateAddress. Executing a manipulation can lead to cross-site request forgery. This vulnerability is handled as CVE-2026-40174. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in OpenClaw up to 2026.4.9. It has been rated as critical. Affected by this issue is some unknown functionality. Performing a manipulation results in incomplete blacklist. This vulnerability is known as CVE-2026-43578. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in OpenClaw up to 2026.4.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component act/evaluate. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-43577. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenClaw up to 2026.4.4. It has been classified as problematic. Affected is an unknown function of the file /json/version of the component WebSocket Endpoint. This manipulation causes open redirect. This vulnerability appears as CVE-2026-43576. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.