Aggregator

Двигатель будущих межпланетных миссий прошел ключевой тест.

A vulnerability has been found in arc53 DocsGPT up to 0.15.x and classified as critical. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in command injection. This vulnerability is known as CVE-2026-26015. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Wazuh up to 4.14.3. Affected is an unknown function of the file /security/user/authenticate. Such manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is traded as CVE-2026-26206. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Wazuh up to 4.14.3. This impacts the function GetAlertData of the component Alert Handler. This manipulation causes buffer underwrite. This vulnerability appears as CVE-2026-26204. The attack requires local access. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in MongoDB Server up to 7.0.31/8.0.20/8.2.6. This affects an unknown function of the component Management Command Handler. The manipulation results in improper validation of specified quantity in input. This vulnerability is reported as CVE-2026-6915. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Wazuh up to 4.14.3. The impacted element is the function parse_uname_string of the file remoted_op.c. The manipulation leads to buffer underwrite. This vulnerability is documented as CVE-2026-41499. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Wazuh up to 4.14.3. The affected element is the function print_hex_string. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-28221. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in berabuddies AgentFlow. Impacted is an unknown function of the file /api/runs of the component Localhost API. Performing a manipulation results in origin validation error. This vulnerability is cataloged as CVE-2026-7439. The attack must be initiated from a local position. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability labeled as critical has been found in Wazuh up to 4.14.3. This issue affects some unknown processing of the component Cluster Synchronization Extraction Routine. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-30893. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. [...]

Проект FLAMINGO выложил один из крупнейших наборов космологических симуляций, чтобы исследователи по всему миру изучали рост галактик и структуру космоса.

These are the top threats you should know about this week.

Air travel is entering another high-stakes summer, and early activity shows that global air passenger demand increased by 3.8 percent in January 2026 versus 2025. Ticket prices remain elevated due to rising fuel costs, demand is strong, and passengers, conditioned by years of disruption, are no longer willing to...

Как жаль, что это ловушка…

OSS can be too risky for banks and FinTechs working to meet security, governance, and compliance demands. Know the risks.

The post Why Financial Services Leaders Are Re-Evaluating Open Source for Database Change Management appeared first on Security Boulevard.

Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections.

Cybersecurity doesn’t start with tools—it starts with mindset.

The post From Army Ranger to Ethical Hacker: What Cybersecurity Can Learn from the Battlefield appeared first on Security Boulevard.

A vulnerability identified as critical has been detected in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. This vulnerability is tracked as CVE-2026-7447. The attack is possible to be carried out remotely. Moreover, an exploit is present.