Aggregator

A vulnerability was found in Space Applications Services Yamcs 5.8.6 and classified as problematic. This affects an unknown function of the component ArchiveBrowser. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2023-46470. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as problematic has been discovered in juzawebCMS up to 3.4. Impacted is an unknown function of the component Registration Page. Such manipulation of the argument Username leads to cross site scripting. This vulnerability is documented as CVE-2023-46467. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in SourceCodester Free and Open Source Inventory Management System 1.0. Impacted is an unknown function of the component Password Change Handler. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2023-46449. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in dmpop Mejiro. The impacted element is an unknown function of the component Image Metadata Handler. This manipulation causes cross site scripting. This vulnerability appears as CVE-2023-46448. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

🐎希望大家新的一年平安·健康·好运

看雪论坛作者ID：飞翔的猫咪

A vulnerability was found in WAYOS FBM-220G 24.10.19. It has been declared as critical. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. This vulnerability is handled as CVE-2026-2548. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Google released a security update for Chrome to address a high-severity zero‑day vulnerability (CVE-2026-2441) on Friday. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” the company said. About CVE-2026-2441 CVE-2026-2441 is a use-after-free bug in the CSS processing component of Google Chrome, which allows a remote attacker “to execute arbitrary code inside a sandbox via a crafted HTML page.” The vulnerability was reported by researcher Shaheen Fazim on February 11, 2026. … More →

The post Google patches Chrome vulnerability with in-the-wild exploit (CVE-2026-2441) appeared first on Help Net Security.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.16.7/6.17-rc5. This impacts the function fuse_dev_do_write of the component fuse. This manipulation causes out-of-bounds write. The identification of this vulnerability is CVE-2025-39888. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.16.7/6.17-rc5. Affected is the function bitmap_parselist. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-39887. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

Cybersecurity experts at Moonlock Lab have discovered a new ClickFix attack. Hackers are using hijacked Google Ads and fake Claude AI guides to trick Mac users into installing the data-stealing MacSync malware.

Сможет ли искусственный интеллект заменить терапевта там, где просить о помощи стыдно.

Google has released the first beta of Android 17, giving developers an early view of changes to core app behavior, platform tooling, performance, media handling, and connectivity. The company plans to move quickly from this beta toward the Platform Stability milestone, targeted for March, where final APIs and behavior definitions for apps will be delivered. After that, developers will have several months before the final stable release. The roadmap includes quarterly updates, with the Q2 … More →

The post Android 17 beta brings privacy, security, and performance changes appeared first on Help Net Security.

Dutch telco Odido has revealed a major data breach impacting over six million customers

Группа ChainedShark более года похищала данные о морских технологиях Китая.

Meerdere gamers zijn wat Defensie betreft geschikt om een gooi te doen naar functies op het gebied van ICT, IT en cyber. Dat bleek uit het wervingsevenement Code D, de eerste editie van de Defensie Digital Experience. Code D speelde zich afgelopen weekend af in Nijkerk en trok rond de 60 enthousiaste gamers. Zij werden in de watten gelegd met gratis onderdak en eten. Defensie reikte ook prijzen uit, bijvoorbeeld een high end tower case, een soort koelende behuizing voor de pc.

Why D3 Morpheus’s alert-native autonomy delivers true L2+ investigation, self-healing integrations, and faster time-to-value without the engineering burden.

The post Don’t Settle for an AI SOAR: The Case for Autonomous SOC Operations appeared first on D3 Security.

The post Don’t Settle for an AI SOAR: The Case for Autonomous SOC Operations appeared first on Security Boulevard.

Learn how PIM login security protects product data with strong authentication, access controls, and secure identity management.

The post PIM Login Security appeared first on Security Boulevard.

Vim 9.2 adds a range of incremental changes focused on scripting, usability, and cross-platform support. The update includes improvements to completion behavior, expanded Vim9 language features, and new options for diff mode. Completion updates in insert mode Vim 9.2 includes expanded completion behavior, including fuzzy matching support during insert-mode completion. Users can also complete words from registers using standard completion key sequences. The release adds more flags and configuration options that control how completion matches … More →

The post Vim 9.2 adds scripting updates, diff improvements, and experimental Wayland support appeared first on Help Net Security.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.106/6.12.47/6.16.7/6.17-rc5. The impacted element is the function bpf_timer_init of the component BPF Call Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-39886. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.