Aggregator

CVE-2026-24178 | NVIDIA FLARE SDK NVFlare Dashboard authorization

2 weeks 4 days ago

A vulnerability has been found in NVIDIA FLARE SDK and classified as very critical. This affects an unknown part of the component NVFlare Dashboard. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2026-24178. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2026-41374 | OpenClaw up to 2026.3.30 Discord Audio Preflight Transcription amplification (GHSA-hhff-fj5f-qg48)

VulDB Recent Entries

2 weeks 4 days ago

A vulnerability, which was classified as problematic, was found in OpenClaw up to 2026.3.30. Affected by this issue is some unknown functionality of the component Discord Audio Preflight Transcription. Executing a manipulation can lead to incorrect behavior order: early amplification. This vulnerability appears as CVE-2026-41374. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

vuldb.com

Permissions: How many is too many?

Red Carnary: YouTube Channel

2 weeks 4 days ago

Red Canary, a Zscaler company

MNT6 New Threat Actor

Dark Feed IO

2 weeks 4 days ago

You must login to view this content

cohenido

MNT6

Dark Feed IO

2 weeks 4 days ago

You must login to view this content

cohenido

MNT6

Dark Feed IO

2 weeks 4 days ago

You must login to view this content

cohenido

CVE-2025-41658

CVE Trends

2 weeks 4 days ago

Currently trending CVE - Hype Score: 7 - CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

CVE-2025-41659

CVE Trends

2 weeks 4 days ago

Currently trending CVE - Hype Score: 7 - A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only ...

CVE-2024-7399

CVE Trends

2 weeks 4 days ago

Currently trending CVE - Hype Score: 8 - Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

Vidar Rises to Top of Chaotic Infostealer Market

darkreading

2 weeks 4 days ago

The malware has filled the gap created by last year's law enforcement takedowns of Lumma and Rhadamanthys.

Jai Vijayan

Video service Vimeo confirms Anodot breach exposed user data

Bleeping Computer.

2 weeks 4 days ago

Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. [...]

Bill Toulas

[un]prompted 2026 – Flash Talks

Security Boulevard

2 weeks 4 days ago

Author, Creator & Presenter: Gadi Evron, CEO, Knostic. CFP Chair, [un]prompted & Various Respected Authors, Creators & Presenters

Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.

Permalink

The post [un]prompted 2026 – Flash Talks appeared first on Security Boulevard.

Marc Handelman

CVE-2026-38949 | HTMLy 3.1.1 /add/content?type=image cross site scripting

VulDB Recent Entries

2 weeks 4 days ago

A vulnerability, which was classified as problematic, has been found in HTMLy 3.1.1. Affected by this vulnerability is an unknown functionality of the file /add/content?type=image. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-38949. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

CVE-2026-5794 | Ercom Cryptobox up to 4.37.x/4.40.175 multiple resources with duplicate identifier

VulDB Recent Entries

2 weeks 4 days ago

A vulnerability classified as problematic was found in Ercom Cryptobox up to 4.37.x/4.40.175. Affected is an unknown function. Such manipulation leads to use of multiple resources with duplicate identifier. This vulnerability is documented as CVE-2026-5794. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2026-6238 | GNU C Library up to 2.33 DNS Response ns_printrrf/ns_printrr/fp_nquery buffer over-read

VulDB Recent Entries

2 weeks 4 days ago

A vulnerability classified as problematic has been found in GNU C Library up to 2.33. This impacts the function ns_printrrf/ns_printrr/fp_nquery of the component DNS Response Handler. This manipulation causes buffer over-read. This vulnerability is registered as CVE-2026-6238. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

vuldb.com

WorldLeaks

Dark Feed IO

2 weeks 4 days ago

You must login to view this content

cohenido

«Может, там всё-таки была жизнь?». На Марсе нашли органику, которой там быть не должно

Securitylab.ru

2 weeks 4 days ago

В породе из древнего марсианского озера ученые нашли 21 углеродсодержащее соединение, включая семь совершенно новых для Красной планеты.

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

The Hackers News

2 weeks 4 days ago

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve

The Hacker News

Qilin

Dark Feed IO

2 weeks 4 days ago

You must login to view this content

cohenido

Qilin

Dark Feed IO

2 weeks 4 days ago

You must login to view this content

cohenido

Aggregator

Managed ad