Aggregator

CVE-2023-52899 | Linux Kernel up to 4.19.270/5.4.229/5.10.164/5.15.89/6.1.7 axi_chan_handle_err null pointer dereference (Nessus ID 207884 / WID-SEC-2024-1888)

Vuldb Updates
1 month 3 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 4.19.270/5.4.229/5.10.164/5.15.89/6.1.7. This affects the function axi_chan_handle_err. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2023-52899. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-24708 | OpenStack Nova up to 30.2.1/31.2.0/32.1.0 qemu-img stack-based overflow

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability categorized as critical has been discovered in OpenStack Nova up to 30.2.1/31.2.0/32.1.0. This affects an unknown part of the component qemu-img. The manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-24708. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-6460 | Display During Conditional Shortcode Plugin up to 1.2 on WordPress Message cross site scripting

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in Display During Conditional Shortcode Plugin up to 1.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. Executing a manipulation of the argument Message can lead to cross site scripting. The identification of this vulnerability is CVE-2025-6460. The attack may be launched remotely. There is no exploit available.
vuldb.com

Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates

The Hackers News
1 month 3 weeks ago
A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase.
The Hacker News

CVE-2026-1296 | Frontend Post Submission Manager Lite Plugin up to 1.2.7 on WordPress POST Parameter verify_username_password requested_page redirect

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as problematic, was found in Frontend Post Submission Manager Lite Plugin up to 1.2.7 on WordPress. The impacted element is the function verify_username_password of the component POST Parameter Handler. The manipulation of the argument requested_page results in open redirect. This vulnerability is known as CVE-2026-1296. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2025-69330 | Prestige Plugin up to 1.4.0 on WordPress cross site scripting

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability described as problematic has been identified in Prestige Plugin up to 1.4.0 on WordPress. This vulnerability affects unknown code. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-69330. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-1714 | ShopLentor Plugin up to 3.3.2 on WordPress woolentor_suggest_price_action send_to/product_title/wlmessage/wlemail improper authentication

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability marked as critical has been reported in ShopLentor Plugin up to 3.3.2 on WordPress. This affects the function woolentor_suggest_price_action. This manipulation of the argument send_to/product_title/wlmessage/wlemail causes improper authentication. This vulnerability is registered as CVE-2026-1714. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities

Cyber Security News
1 month 3 weeks ago

SINGAPORE, Singapore, February 17th, 2026, CyberNewswire The OWASP Smart Contract Security Project has released the OWASP Smart Contract Top 10 2026, a risk prioritization framework developed from structured analysis of real world exploit data observed across blockchain ecosystems in 2025. Crypto protocols continued to experience significant smart contract failures in 2025, with exploit patterns increasingly […]

The post CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities appeared first on Cyber Security News.

Cybernewswire

Kill

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

CVE-2025-65753 | Guardian Gryphon 01.06.0006.22 TLS Certification privilege escalation

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability identified as critical has been detected in Guardian Gryphon 01.06.0006.22. Affected by this vulnerability is an unknown functionality of the component TLS Certification Handler. The manipulation leads to privilege escalation. This vulnerability is listed as CVE-2025-65753. The attack must be carried out from within the local network. There is no available exploit.
vuldb.com

Managed ad