Aggregator

A vulnerability identified as problematic has been detected in CDAC-Noida e-Sushrut Hospital Management Information System. The impacted element is an unknown function of the component API Request Handler. This manipulation causes authorization bypass. This vulnerability appears as CVE-2026-42515. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, has been found in CDAC-Noida e-Sushrut Hospital Management Information System. This affects an unknown part. This manipulation of the argument encoded causes authorization bypass. The identification of this vulnerability is CVE-2026-42516. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Complianz Plugin up to 7.4.5 on WordPress. Affected by this vulnerability is the function cmplz_rest_consented_content of the component REST API Endpoint. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-4019. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in CDAC-Noida e-Sushrut Hospital Management Information System. Affected by this issue is some unknown functionality. The manipulation results in use of hard-coded cryptographic key . This vulnerability was named CVE-2026-42518. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as problematic, was found in CDAC-Noida e-Sushrut Hospital Management Information System. This vulnerability affects unknown code of the component Base64 Encoding Handler. Such manipulation leads to authorization bypass. This vulnerability is referenced as CVE-2026-42517. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in CRM Sistemas de Fidelización MegaCMS 12.0.0 and classified as critical. This issue affects some unknown processing of the file /web_comunications/cms/get_provincias of the component POST Request Handler. Performing a manipulation of the argument id_territorio results in sql injection. This vulnerability is identified as CVE-2026-3325. The attack can be initiated remotely. There is not any exploit available.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Microsoft Windows. On April 28, 2026, the agency officially added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability impacts the Microsoft Windows Shell and is actively being exploited in real-world attacks. Organizations worldwide […]

The post CISA Warns Microsoft Windows Shell 0-click Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Submit #803495 / VDB-360123

Раньше кукла говорила «мама», теперь цитирует DeepSeek.

A critical, currently unpatched remote code execution (RCE) vulnerability has been disclosed in LeRobot, Hugging Face’s popular open-source machine learning framework for real-world robotics. Tracked as CVE-2026-25874 with a critical CVSS score of 9.3, the flaw allows unauthenticated attackers to execute arbitrary system commands on vulnerable host machines. With nearly 24,000 stars on GitHub, this […]

The post Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks appeared first on Cyber Security News.

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet because an honest answer requires context – which is something that patch counts and CVSS scores were never designed to provide. Exposure

AI技术的盛行如今让许多人认为产品开发已然是容易的事情，是可以让产品经理岗位消失的可能性，但实际上却并非如此

A vulnerability classified as critical has been found in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfo_mcp_platform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. This vulnerability is handled as CVE-2026-7398. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Google has released a critical security update for its Chrome desktop browser to address 30 security vulnerabilities, including four severe flaws that could enable Remote Code Execution (RCE) attacks. The Stable channel has been updated to version 147.0.7727.137/138 for Windows and Mac, and to 147.0.7727.137 for Linux. Google is rolling out this update gradually over […]

The post Critical Chrome Vulnerabilities Enables Remote Code Execution Attacks appeared first on Cyber Security News.

US-Estonian suspect Peter Stokes arrested in Finland over alleged ties to Scattered Spider, facing US charges for cyberattacks, fraud, and data breaches.

Submit #803488 / VDB-360122

В основе — серверы Huawei Kunpeng. Ни одной зарубежной детали.

关键词黑客攻击一个源自巴西的网络犯罪团伙在沉寂三年多后卷土重来，策划了一场针对 Minecraft 玩家的活动

关键词黑客攻击医疗科技大厂 Medtronic（美敦力）当地时间 24 日发布公告，确认有未经授权的第三方访问

关键词黑客据新华社援引伊朗法尔斯通讯社 28 日报道，伊朗 " 汉达拉黑客 " 组织称，已在互联网上公开了驻扎