Aggregator

A vulnerability marked as problematic has been reported in helpyio helpy 2.8.0. This affects an unknown part of the component Knowledge Base Doc Rendering Logic. This manipulation of the argument body causes cross site scripting. This vulnerability is registered as CVE-2026-40230. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as problematic has been found in helpyio helpy 2.8.0. Affected by this issue is some unknown functionality. The manipulation of the argument account name results in cross site scripting. This vulnerability is cataloged as CVE-2026-40229. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in Netskope Client up to 129.1.7/132.0.22/135.0.x/136.0 on Windows. Affected by this vulnerability is an unknown functionality of the component Endpoint DLP Module. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-2810. The attack must be carried out locally. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in libsndfile 1.2.2. Affected is an unknown function of the component WAV File Handler. Executing a manipulation can lead to buffer overflow. This vulnerability is tracked as CVE-2026-37555. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability was found in pgjdbc up to 42.7.10. It has been rated as problematic. This impacts an unknown function. Performing a manipulation results in allocation of resources. This vulnerability is identified as CVE-2026-42198. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

Threat Actor 0056113 Selling Compromised Law-Enforcement Emails and EDR-as-a-Service for Fraudulent Emergency Data Requests

Bitcoin, Ethereum и банковские карты: под угрозой всё.

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the Mini Shai-Hulud – has affected the following packages associated with

A hacker using the alias "Xorcat" claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident.

手机取证：从 WhatsApp、Signal 和 Telegram 提取媒体和消息的简单方法在数字调查取证的世

电子数据取证必知的关键技术

Тысячи экспертов проверили на прочность цифровой фундамент цивилизации.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. [...]

A vulnerability was found in Tubitak Bilgem Pardus OS My Computer up to 0.7.x. It has been declared as critical. This affects an unknown function. Such manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-6849. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

The platforms allegedly flouted the bloc’s Digital Services Act (DSA) by “failing to diligently identify, assess and mitigate the risks of minors under 13 years old accessing their services,” the commission said.

A vulnerability was found in Cockpit up to 2.13.5. It has been classified as critical. The impacted element is an unknown function of the component Buckets. This manipulation causes path traversal. The identification of this vulnerability is CVE-2026-38993. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tubitak Bilgem Pardus Software Center up to 1.0.2 and classified as critical. The affected element is an unknown function. The manipulation results in path traversal. This vulnerability was named CVE-2026-5166. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in cPanel and WHM and classified as critical. Impacted is an unknown function. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-41940. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Cockpit up to 2.13.5. This issue affects the function _isFileTypeAllowed of the component Bucket. Executing a manipulation can lead to improper access controls. This vulnerability is handled as CVE-2026-38991. The attack can be executed remotely. There is not any exploit available.