Aggregator

A vulnerability marked as critical has been reported in iCMS 7.0.16. This impacts the function bakupdata. This manipulation causes sql injection. This vulnerability is registered as CVE-2023-39806. The attack requires access to the local network. No exploit is available.

A vulnerability was found in N.V.K.INTER iBSG 3.5. It has been rated as critical. The affected element is an unknown function of the file /portal/user-register.php. Performing a manipulation of the argument a_passwd results in sql injection. This vulnerability was named CVE-2023-39807. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability classified as problematic has been found in N.V.K.INTER iBSG 3.5. Affected by this issue is some unknown functionality of the component SSH. Performing a manipulation results in use of hard-coded password. This vulnerability is cataloged as CVE-2023-39808. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Tenda AC8V4 16.03.34.06. This vulnerability affects the function save_virtualser_data. The manipulation of the argument list leads to stack-based buffer overflow. This vulnerability is documented as CVE-2023-39784. The attack requires being on the local network. There is not any exploit available.

A vulnerability, which was classified as critical, was found in Tenda AC8V4 16.03.34.06. This issue affects the function set_qosMib_list of the component Parameter Handler. The manipulation of the argument list results in stack-based buffer overflow. This vulnerability is reported as CVE-2023-39785. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability has been found in Tenda AC8V4 16.03.34.06 and classified as critical. Impacted is the function sscanf. This manipulation of the argument Time causes stack-based buffer overflow. This vulnerability appears as CVE-2023-39786. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability was found in Renault Easy Link Multimedia System Software 283C35519R. It has been classified as problematic. Impacted is an unknown function of the component WMA File Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2023-39801. It is possible to launch the attack on the physical device. No exploit is available.

A vulnerability described as problematic has been identified in vBulletin 5.7.5/6.0.0. Affected is an unknown function of the file /login.php?do=login of the component Admin Control Panel. The manipulation of the argument url results in cross site scripting. This vulnerability is reported as CVE-2023-39777. The attack can be launched remotely. No exploit exists.

IonQ and SkyWater Technology have entered into a definitive agreement pursuant to which IonQ will acquire SkyWater for $35.00 per share in a cash-and-stock transaction, subject to a collar, implying a total equity value of approximately $1.8 billion. “This transformational acquisition enables IonQ to materially accelerate its quantum computing roadmap and secure its fully scalable supply chain domestically. With secure, U.S.-based design, packaging and chip fabrication – IonQ will benefit from vertical integration across our … More →

The post Quantum computing firm IonQ acquires US semiconductor firm SkyWater for $1.8 billion appeared first on Help Net Security.

In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.”  Yet the same species becomes the strongest link once you step inside a SOC.  Cybersecurity professionals don’t fail because they are careless […]

The post Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in Linux Kernel up to 6.18.6/6.19-rc5 and classified as critical. The impacted element is the function rt6_uncached_list_del in the library lib/dump_stack.c of the component IPv4. The manipulation results in use after free. This vulnerability is reported as CVE-2026-23004. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.6/6.19-rc5. The affected element is the function damon_call of the component DAMON Sysfs Interface. Executing a manipulation can lead to use after free. This vulnerability is tracked as CVE-2026-23012. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.6/6.19-rc5. This affects an unknown function of the component vmwgfx. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-23008. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. This vulnerability affects the function __kernel_read of the component buildid. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-23002. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

Кажется, мы окончательно забыли, ради чего вообще создавалась криптовалюта.

今日腊八节，过了腊八就是年。腊八节要喝热腾腾的一碗腊八粥，快乐！

Say hello to Stanley, a new malicious toolkit that guarantees bypassing Google’s Chrome Web Store review process.

A vulnerability was found in Dormakaba Access Manager 92xx-k5 and Access Manager 92xx-k7. It has been rated as very critical. This affects an unknown function. Performing a manipulation results in use of default credentials. This vulnerability is reported as CVE-2025-59108. The attack is possible to be carried out remotely. No exploit exists.

关键词服务器故障在由趋势科技“零日漏洞计划”主办的年度Pwn2Own 汽车安全破解大赛上，参赛团队围绕汽车软硬

关键词黑客据科技媒体 neowin 前天报道，微软 Defender 安全研究人员最近发现一起恶意活动，黑客使