Aggregator

CVE-2026-33899 | ImageMagick up to 6.9.13-43/7.1.2-18 XML File Parser heap-based overflow (GHSA-cr67-pvmx-2pp2 / Nessus ID 310088)

Vuldb Updates
3 weeks 2 days ago
A vulnerability classified as critical was found in ImageMagick up to 6.9.13-43/7.1.2-18. Impacted is an unknown function of the component XML File Parser. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-33899. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

Hackers Use Pastebin-Hosted PowerShell Script to Steal Telegram Sessions

Cyber Security News
3 weeks 2 days ago

Cybersecurity researchers have uncovered a purpose-built PowerShell script hosted on Pastebin that is designed to silently steal Telegram session data from both desktop and web-based clients. The script is disguised as a routine Windows system update, making it easy for unsuspecting users to run it without raising any alarms. The malicious script is titled “Windows […]

The post Hackers Use Pastebin-Hosted PowerShell Script to Steal Telegram Sessions appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-41044 | Apache ActiveMQ up to 5.19.5/6.2.4 DestinationView MBean privilege escalation (EUVD-2026-25412 / WID-SEC-2026-1258)

Vuldb Updates
3 weeks 2 days ago
A vulnerability was found in Apache ActiveMQ up to 5.19.5/6.2.4. It has been classified as problematic. This vulnerability affects unknown code of the component DestinationView MBean. Performing a manipulation results in privilege escalation. This vulnerability is known as CVE-2026-41044. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-62233 | Apache DolphinScheduler 3.2.x/3.3.0 RPC deserialization (EUVD-2025-209572)

Vuldb Updates
3 weeks 2 days ago
A vulnerability identified as critical has been detected in Apache DolphinScheduler 3.2.x/3.3.0. This issue affects some unknown processing of the component RPC Handler. Performing a manipulation results in deserialization. This vulnerability is cataloged as CVE-2025-62233. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-4313 | C&F AdaptiveGRC up to 5.499.112 Authentication Token cross site scripting (EUVD-2026-25414)

Vuldb Updates
3 weeks 2 days ago
A vulnerability identified as problematic has been detected in C&F AdaptiveGRC. The impacted element is an unknown function of the component Authentication Token Handler. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-4313. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2026-23902 | Apache DolphinScheduler up to 3.4.0 behavioral workflow (EUVD-2026-25413)

Vuldb Updates
3 weeks 2 days ago
A vulnerability labeled as problematic has been found in Apache DolphinScheduler up to 3.4.0. Impacted is an unknown function. Executing a manipulation can lead to enforcement of behavioral workflow. This vulnerability is registered as CVE-2026-23902. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-6043 | Perforce Helix Core Server up to 2025.2 insecure default initialization of resource (EUVD-2026-25415)

Vuldb Updates
3 weeks 2 days ago
A vulnerability categorized as critical has been discovered in Perforce Helix Core Server up to 2025.2. The affected element is an unknown function. Executing a manipulation can lead to insecure default initialization of resource. This vulnerability is tracked as CVE-2026-6043. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2023-27351

CVE Trends
3 weeks 2 days ago
Currently trending CVE - Hype Score: 1 - This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results ...

CVE-2024-27199

CVE Trends
3 weeks 2 days ago
Currently trending CVE - Hype Score: 2 - In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

CVE-2026-41126 | BigBlueButton up to 3.0.23 Requests logoutURL redirect (GHSA-cvwj-4pcp-f3g8 / CNNVD-202604-4539)

Vuldb Updates
3 weeks 2 days ago
A vulnerability was found in BigBlueButton up to 3.0.23. It has been classified as problematic. This issue affects some unknown processing of the component Requests Handler. This manipulation of the argument logoutURL causes open redirect. This vulnerability is registered as CVE-2026-41126. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

Users advised to drop passwords and make room for passkeys

Help Net Security
3 weeks 2 days ago

In a decisive move that could reshape how users log in online, the National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in favour of passkeys, positioning them as the future of authentication. “Passkeys should become consumers’ first choice for logging into digital services,” NCSC said. Overhauling decades of security guidance, the agency will no longer recommend passwords where passkeys are available, citing their weaker resistance to current cyber threats. Since most breaches … More →

The post Users advised to drop passwords and make room for passkeys appeared first on Help Net Security.

Sinisa Markovic

Managed ad