INC
You must login to view this content
Aggregator
Handala
1 month 2 weeks ago
You must login to view this content
cohenido
Florida woman imprisoned for massive Microsoft license fraud scheme
1 month 2 weeks ago
A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. [...]
Sergiu Gatlan
CVE-2026-27830 | swaldman c3p0 up to 0.11.x JNDI Interface ConnectionPoolDataSource deserialization (GHSA-5476-xc4j-rqcv / Nessus ID 300173)
1 month 2 weeks ago
A vulnerability classified as problematic has been found in swaldman c3p0 up to 0.11.x. This affects the function ConnectionPoolDataSource of the component JNDI Interface. The manipulation leads to deserialization.
This vulnerability is uniquely identified as CVE-2026-27830. The attack can only be initiated within the local network. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-27141 | x-net-http2 up to 0.50.x HTTP/2 Frame null pointer dereference (Nessus ID 300177)
1 month 2 weeks ago
A vulnerability has been found in x-net-http2 up to 0.50.x and classified as problematic. This vulnerability affects unknown code of the component HTTP2 Frame Handler. This manipulation causes null pointer dereference.
This vulnerability appears as CVE-2026-27141. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2021-4456 | MRSAM Net::CIDR up to 0.23 on Perl cidrvalidate type conversion (Nessus ID 300179)
1 month 2 weeks ago
A vulnerability was found in MRSAM Net::CIDR up to 0.23 on Perl. It has been declared as critical. This issue affects the function cidrvalidate. Executing a manipulation can lead to incorrect type conversion.
This vulnerability appears as CVE-2021-4456. The attack may be performed from remote. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-27950 | FreeRDP up to 3.22.x use after free (GHSA-rvfg-86cr-5r6p / Nessus ID 300174)
1 month 2 weeks ago
A vulnerability identified as critical has been detected in FreeRDP up to 3.22.x. This vulnerability affects unknown code. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2026-27950. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2026-26271 | FreeRDP up to 3.22.x libfreerdp/codec/color.c freerdp_image_copy_from_icon_data buffer over-read (GHSA-hr4m-ph4g-48j6 / Nessus ID 300182)
1 month 2 weeks ago
A vulnerability classified as problematic has been found in FreeRDP up to 3.22.x. This issue affects the function freerdp_image_copy_from_icon_data of the file libfreerdp/codec/color.c. This manipulation causes buffer over-read.
This vulnerability is tracked as CVE-2026-26271. The attack is possible to be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-22035 | Greenshot up to 1.3.310 ExternalCommandDestination.cs FormatArguments os command injection (GHSA-7hvw-q8q5-gpmj / Nessus ID 300181)
1 month 2 weeks ago
A vulnerability has been found in Greenshot up to 1.3.310 and classified as critical. This affects the function FormatArguments of the file ExternalCommandDestination.cs. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2026-22035. Local access is required to approach this attack. No exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2025-31648 | Intel Processor values (intel-sa-01396 / Nessus ID 300189)
1 month 2 weeks ago
A vulnerability labeled as problematic has been found in Intel Processor. Affected by this issue is some unknown functionality. Such manipulation leads to improper handling of values.
This vulnerability is documented as CVE-2025-31648. The attack needs to be performed locally. There is not any exploit available.
vuldb.com
CVE-2026-0752 | GitLab Community Edition/Enterprise Edition up to 18.7.4/18.8.4/18.9.0 Mermaid Sandbox UI cross site scripting (Issue 585371 / Nessus ID 300183)
1 month 2 weeks ago
A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.7.4/18.8.4/18.9.0 and classified as problematic. This vulnerability affects unknown code of the component Mermaid Sandbox UI. Performing a manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2026-0752. It is possible to initiate the attack remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-25952 | FreeRDP up to 3.22.x xf_SetWindowMinMaxInfo use after free (GHSA-cgqm-cwjg-7w9x / Nessus ID 300191)
1 month 2 weeks ago
A vulnerability, which was classified as critical, has been found in FreeRDP up to 3.22.x. The affected element is the function xf_SetWindowMinMaxInfo. Performing a manipulation results in use after free.
This vulnerability is cataloged as CVE-2026-25952. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
Кажется, мы неправильно считали возраст Вселенной. Телескоп за 10 миллиардов долларов нашел лишнее
1 month 2 weeks ago
Астрономы нашли галактики, которых не должно быть.
VMware security advisory (AV26-186)
1 month 2 weeks ago
Canadian Centre for Cyber Security
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
1 month 2 weeks ago
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.
The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
The Hacker News
When Trusted Authentication Enables Privilege Escalation
1 month 2 weeks ago
Active Directory remains the backbone of enterprise identity. Despite years of modernization efforts, many organizations still rely on legacy authentication protocols that were never designed for today’s threat landscape. New reporting from Dark Reading highlights how attackers continue to abuse NTLM and Kerberos within Microsoft Active Directory environments to escalate privileges, move laterally, and maintain
The post When Trusted Authentication Enables Privilege Escalation appeared first on Seceon Inc.
The post When Trusted Authentication Enables Privilege Escalation appeared first on Security Boulevard.
Aditya Kumar
万家团圆,网安同庆,诸事“圆”满 🌕
1 month 2 weeks ago
各位T00ls坛友、网络安全同仁 👋:
上元月正圆 🌝,春满旧山河 🌸。在这灯月交辉 ✨、万家团圆 👨👩👧👦 的良辰美景,T00ls论坛向所有日夜坚守在网络安全一线的您 ,致以最深切的节日问候!🎉
我们深知,网络世界的每一个安全节点 ,都离不开您的默默守护 。正如海报上那碗热气腾腾 ♨️、象征团圆的元宵 🥣,是我们追求的安全防线的完整 ,是漏洞修补后的无瑕 。
愿这碗寓意美好的汤圆,能为您扫去敲代码和挖洞的疲惫 🍵。在这个美好的夜晚 🌃,不仅要保障业务上的“诸事成‘圆’” ,更祝您:
🔍 漏洞无处遁形 🏰 防线坚如磐石 ⚔️ 攻防技高一筹 ❤️ 生活阖家安康
T00ls始终与您并肩同行 🤝。
让我们在这团圆之夜,互道一声:元宵快乐 🏮,网安同行!🚀
HPE security advisory (AV26-185)
1 month 2 weeks ago
Canadian Centre for Cyber Security
Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely
1 month 2 weeks ago
A high-severity security vulnerability has been discovered in Google Chrome’s integrated Gemini AI assistant, exposing users to unauthorized camera and microphone access, local file theft, and phishing attacks, all without requiring any user interaction beyond launching the browser’s built-in AI panel. Tracked as CVE-2026-0628, the flaw was uncovered by researchers at Palo Alto Networks’ Unit […]
The post Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely appeared first on Cyber Security News.
Guru Baran
CVE-2026-23600 | HPE AutoPass License Server up to 9.18 improper authentication (EUVD-2026-9179)
1 month 2 weeks ago
A vulnerability categorized as critical has been discovered in HPE AutoPass License Server up to 9.18. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper authentication.
This vulnerability is registered as CVE-2026-23600. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com