Aggregator

A vulnerability identified as critical has been detected in Cleanersoft Free MP3 CD Ripper 2.8. Affected by this vulnerability is an unknown functionality of the component WAV File Parser. This manipulation causes stack-based buffer overflow. This vulnerability is tracked as CVE-2020-37000. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in Elaniin CMS 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument email/password results in sql injection. This vulnerability is identified as CVE-2020-36999. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in TimeClock 1.01. It has been rated as critical. This impacts an unknown function of the file add_entry.php. The manipulation of the argument notes leads to sql injection. This vulnerability is referenced as CVE-2020-37005. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in crm-now berliCRM 1.0.24. It has been declared as critical. This affects an unknown function of the file index.php of the component HTTP POST Request Handler. Executing a manipulation of the argument src_record can lead to sql injection. The identification of this vulnerability is CVE-2020-37006. The attack may be launched remotely. Furthermore, there is an exploit available.

The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million requests per second. [...]

A vulnerability was found in D-Link DWR-M961 1.1.47. It has been classified as critical. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. This vulnerability was named CVE-2026-1625. The attack may be initiated remotely. In addition, an exploit is available.

Virtue AI announced AgentSuite, a multi-layer security and compliance platform for enterprise AI agents. Organizations worldwide are deploying agents that modify databases, trigger payments, and access systems containing sensitive information. AgentSuite is the AI-native platform built specifically for this new reality, enabling enterprises to test and secure AI agents as complete systems, enforce security policies for agents and tool calls, and prevent insecure or out-of-policy actions in real time. According to IBM, 79% of enterprises … More →

The post Virtue AI AgentSuite enables enterprises to test and secure AI agents appeared first on Help Net Security.

Microsoft plans to introduce a call reporting feature in Teams by mid-March, allowing users to flag suspicious or unwanted calls as potential scams or phishing attempts. [...]

Submit #740792 / VDB-343384

中国允许三大科技公司进口英伟达 H200 芯片。字节跳动、阿里巴巴和腾讯获准购买逾 40 万颗 H200 芯片。美国是在 1 月 13 日批准出口 H200 芯片，但中国海关随后发出了不允许进口的通知。H200 是英伟达在 B200 之后性能第二强的 AI 芯片，其性能是以前允许出口到中国的 H20 芯片的六倍。华为等公司已推出性能接近 H20 的产品，但它们的性能距离 H200 还很遥远。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical authentication bypass vulnerability in multiple Fortinet products, actively exploited in the wild. Tracked as CVE-2026-24858, the flaw allows attackers with a FortiCloud account to hijack sessions on devices registered to other accounts when FortiCloud Single Sign-On (SSO) is enabled. First […]

The post CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A vulnerability was found in D-Link DWR-M961 1.1.47 and classified as critical. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. This vulnerability is uniquely identified as CVE-2026-1624. The attack can be launched remotely. Moreover, an exploit is present.

История падения семьи Мин, которая превратила город в Мьянме в «фабрику афер».

A vulnerability has been found in Totolink A7000R 4.1cu.4154 and classified as critical. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. This vulnerability is handled as CVE-2026-1623. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #740770 / VDB-343383

Submit #740767 / VDB-343382

The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The compromise also resulted in the eScan antivirus on those endpoints to stop working as intended, since the trojanized eScan update tampered with the solution’s registry, files and update configuration to block remote updates, Morphisec researchers said on Thursday. MicroWorld’s incident response It’s unknown when … More →

The post eScan AV users targeted with malicious updates appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in Red Hat osim. This issue affects some unknown processing of the component Nginx Configuration File. The manipulation of the argument $uri$args results in path traversal. This vulnerability is known as CVE-2026-1616. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in QR Menu Pro Smart Menu Systems Menu Panel up to 29012026. This vulnerability affects unknown code. The manipulation leads to session fixiation. This vulnerability is traded as CVE-2025-7014. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in QR Menu Pro Smart Menu Systems Menu Panel up to 29012026. This affects an unknown part. Executing a manipulation can lead to authorization bypass. This vulnerability appears as CVE-2025-7013. The attack may be performed from remote. There is no available exploit.