Aggregator

CVE-2026-24350 | PluXml CMS 5.8.21/5.9.0-rc7 SVG File Parser cross site scripting

1 month 2 weeks ago

A vulnerability, which was classified as problematic, has been found in PluXml CMS 5.8.21/5.9.0-rc7. The affected element is an unknown function of the component SVG File Parser. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-24350. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

CVE-2026-24352 | PluXml CMS 5.8.21/5.9.0-rc7 Session Identifier session fixiation

VulDB Recent Entries

1 month 2 weeks ago

A vulnerability classified as critical was found in PluXml CMS 5.8.21/5.9.0-rc7. Impacted is an unknown function of the component Session Identifier Handler. Executing a manipulation can lead to session fixiation. This vulnerability is handled as CVE-2026-24352. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2026-1434 | Politechnika Warszawska Omega-PSIR up to 4.6.6 URL lang cross site scripting

VulDB Recent Entries

1 month 2 weeks ago

A vulnerability classified as problematic has been found in Politechnika Warszawska Omega-PSIR up to 4.6.6. This issue affects some unknown processing of the component URL Handler. Performing a manipulation of the argument lang results in cross site scripting. This vulnerability is known as CVE-2026-1434. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-21659 | Johnson Controls Frick Controls Quantum HD up to 10.22 path traversal (icsa-26-057-01)

VulDB Recent Entries

1 month 2 weeks ago

A vulnerability described as problematic has been identified in Johnson Controls Frick Controls Quantum HD up to 10.22. This vulnerability affects unknown code. Such manipulation leads to relative path traversal. This vulnerability is traded as CVE-2026-21659. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2026-21660 | Johnson Controls Frick Controls Quantum HD up to 10.22 credentials storage (icsa-26-057-01)

VulDB Recent Entries

1 month 2 weeks ago

A vulnerability marked as problematic has been reported in Johnson Controls Frick Controls Quantum HD up to 10.22. This affects an unknown part. This manipulation causes unprotected storage of credentials. This vulnerability appears as CVE-2026-21660. The attack requires local access. There is no available exploit.

vuldb.com

CVE-2025-11251 | Dayneks E-Commerce Platform up to 27022026 sql injection

VulDB Recent Entries

1 month 2 weeks ago

A vulnerability labeled as critical has been found in Dayneks E-Commerce Platform up to 27022026. Affected by this issue is some unknown functionality. The manipulation results in sql injection. This vulnerability is reported as CVE-2025-11251. The attack can be launched remotely. No exploit exists.

vuldb.com

Top 7 Cloud Scanner for Vulnerabilities in 2026

Security Boulevard

1 month 2 weeks ago

We talk about ‘Vulnerability Management’ collectively as important! But, when security is not confined to only “finding every CVE” and more about shrinking exploitable paths faster than the business ships change, we need to go inclusive and focus on everything. Today, we focus on ‘managing cloud vulnerability’. Security leaders can’t buy their way out of […]

The post Top 7 Cloud Scanner for Vulnerabilities in 2026 appeared first on Kratikal Blogs.

The post Top 7 Cloud Scanner for Vulnerabilities in 2026 appeared first on Security Boulevard.

Puja Saikia

Infostealers Fuel Large‑Scale Brute‑Forcing of Corporate SSO Gateways Using Stolen Credentials

Cyber Security News

1 month 2 weeks ago

A wave of credential stuffing attacks has exposed a troubling shift in how threat actors are breaking into corporate networks — not by exploiting software vulnerabilities, but by simply logging in with stolen passwords. At the center of this campaign are infostealer malware families, which silently harvest credentials from infected employee devices and feed them […]

The post Infostealers Fuel Large‑Scale Brute‑Forcing of Corporate SSO Gateways Using Stolen Credentials appeared first on Cyber Security News.

Tushar Subhra Dutta

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The Hackers News

1 month 2 weeks ago

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware

The Hacker News

Почти $155 миллионов выручки. Очередной медицинский гигант признал бессилие перед хакерами

Securitylab.ru

1 month 2 weeks ago

Компания UFP Technologies уведомила власти США о масштабном взломе систем.

Public Google API keys can be used to expose Gemini AI data

Security Boulevard

1 month 2 weeks ago

Researchers found that Google API keys long treated as harmless can now unlock access to Gemini.

The post Public Google API keys can be used to expose Gemini AI data appeared first on Security Boulevard.

Malwarebytes

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Security Affairs

1 month 2 weeks ago

Apple’s iPhone and iPad are now NATO-approved for classified use, listed in the alliance’s Information Assurance Product Catalogue. Apple announced that its iPhone and iPad have received NATO approval to handle classified information. The devices are now officially listed in the NATO Information Assurance Product Catalogue (NIAPC), allowing military personnel to use them securely for […]

Pierluigi Paganini

Ukrainian man pleads guilty to running AI-powered fake ID site

Bleeping Computer.

1 month 2 weeks ago

A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide. [...]

Sergiu Gatlan

iOS虚拟手机实现原理解析

软件安全与逆向分析

1 month 2 weeks ago

iOS虚拟手机实现原理解析

Ransom House

Dark Feed IO

1 month 2 weeks ago

You must login to view this content

cohenido

Ransom House

Dark Feed IO

1 month 2 weeks ago

You must login to view this content

cohenido

Operationalizing Risk: Automating Cyber Risk Processes

Security Boulevard

1 month 2 weeks ago

Modern organizations operate in environments where cyber risks evolve daily, cloud infrastructure changes continuously, and compliance expectations intensify across jurisdictions. In this environment, traditional risk management that relies on staticrisk assessments and manual effort is no longer sufficient.

The post Operationalizing Risk: Automating Cyber Risk Processes appeared first on Security Boulevard.

Alison Furneaux

INC

Dark Feed IO

1 month 2 weeks ago

You must login to view this content

cohenido

一个晚上的交通噪音就能增加心脏和血管压力

Solidot

1 month 2 weeks ago

根据发表在《Cardiovascular Research》期刊上的一项研究，仅仅一个晚上的常见交通噪音就能增加心脏和血管的压力。这一发现或有助于解释为什么长期暴露在交通噪音下的人群有更高的高血压和心脏病发病率。74 名健康参与者连续三晚暴露在三种噪声环境之一：无噪声（对照组）、30 次交通噪声或 60 次交通噪声。第二天早上他们会接受标准的血管功能测试“血流介导的血管舒张功能检测（FMD）”。对照组的结果是 9.35%，30 次噪音组是 8.19%，60 次噪音组是 7.73%。暴露在噪音下的参与者的白细胞介素信号传导和趋化性发生了改变。这些改变与炎症和应激反应有关。噪声暴露还使参与者的平均心率增加了 1.23 次/分钟。

AI, Geopolitics and the Cyberthreats That Faced the 2026 Milan–Cortina Winter Games

Security Boulevard

1 month 2 weeks ago

Discover the potential vulnerabilities posed by advanced AI-driven attack strategies and the importance of cybersecurity for athletes, organizers, and supporting businesses.

The post AI, Geopolitics and the Cyberthreats That Faced the 2026 Milan–Cortina Winter Games appeared first on Security Boulevard.

Dan Schiappa

Aggregator

Managed ad