Aggregator

A vulnerability was found in SonicWall SonicOS. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes out-of-bounds read. This vulnerability is handled as CVE-2026-0402. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in exiftool up to 13.49 on macOS. It has been classified as critical. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. This vulnerability is tracked as CVE-2026-3102. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability was found in Intelbras TIP 635G 1.12.3.5 and classified as critical. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. This vulnerability is identified as CVE-2026-3101. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in payloadcms payload up to 3.74.x. Impacted is an unknown function. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-27567. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in ChaiScript up to 6.1.0. It has been classified as problematic. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. This vulnerability is traded as CVE-2026-3384. An attack has to be approached locally. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in ChaiScript up to 6.1.0 and classified as problematic. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation can lead to divide by zero. This vulnerability appears as CVE-2026-3383. The attack requires local access. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability has been found in ChaiScript up to 6.1.0 and classified as problematic. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. This vulnerability is reported as CVE-2026-3382. The attack requires a local approach. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

Submit #761303 / VDB-348270

Submit #761302 / VDB-348269

Submit #761301 / VDB-348268

Что реально используют профессионалы?

A vulnerability, which was classified as problematic, was found in Microchip TimePictra up to 11.3 SP2. The affected element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-3010. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in Microchip TimePictra up to 11.3 SP2. Impacted is an unknown function of the component Configuration Handler. This manipulation causes missing authentication. This vulnerability is registered as CVE-2026-2844. Remote exploitation of the attack is possible. No exploit is available.

Самые тревожные выводы из нового масштабного исследования Hunt & Hackett.

Metacritic 是一家聚合电影、电视、音乐专辑、游戏评测及其评分的网站，它会基于相关评分给出一个加权平均值。Metacritic 成立于 2001 年，至今有 25 年历史，它的综合评分获得了广泛认可。网站联合创始人 Marc Doyle 在一份声明中表示 Metacritic 不会收录 AI 生成的评测。在这之前，一家叫 Videogamer.com 的英国老牌游戏网站（曾经很受欢迎）在被博彩公司收购之后解雇了大部分员工，然后用 AI 生成了新游戏的评测和评分。该网站评测作者的肖像是用 ChatGPT 生成的。Metacritic 在获悉之后删除了该网站的评测。

Announcement Comes Hours After Trump Blacklists Anthropic
OpenAI said late Friday night it reached an agreement with the U.S. Department of Defense to deploy its large language models onto military classified networks. The announcement came hours after President Donald Trump instructed federal agencies to cease using AI developed by OpenAI rival Anthropic.

Trump Says Combat Targets Regime in Tehran, As Iran Responds With Missile Attacks
U.S. President Donald Trump announced the launch of "major combat operations in Iran," in coordination with Israel, targeting the regime in Tehran over its nuclear ambitions. Iran responded with missile attacks, as cybersecurity experts forecast online reprisals.

Build an AI agent for adaptive MFA decisioning using risk-based authentication, machine learning, and intelligent security automation.

The post Building an AI Agent for Adaptive MFA Decisioning appeared first on Security Boulevard.