Aggregator

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA News
2 months 3 weeks ago

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  • CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability
  • CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
  • CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
  • CVE-2026-23760 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
  • CVE-2026-24061 GNU InetUtils Argument Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria

CISA

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

The Hackers News
2 months 3 weeks ago
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals.
The Hacker News

CVE-2023-39850 | Schoolmate 1.3 DeleteFunctions.php courseid/teacherid sql injection (EUVD-2023-43550)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Schoolmate 1.3. The affected element is an unknown function of the file DeleteFunctions.php. The manipulation of the argument courseid/teacherid leads to sql injection. This vulnerability is uniquely identified as CVE-2023-39850. The attack can only be initiated within the local network. No exploit exists.
vuldb.com

CVE-2023-39841 | Etekcity 3-in-1 Smart Door Lock 1.0 RFID Tag missing encryption (EUVD-2023-43541)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Etekcity 3-in-1 Smart Door Lock 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component RFID Tag. The manipulation leads to missing encryption of sensitive data. This vulnerability is listed as CVE-2023-39841. It is possible to launch the attack on the physical device. There is no available exploit.
vuldb.com

CVE-2023-39842 | Digoo DG-HAMB Smart Home Security System 1.0 RFID Tag missing encryption (EUVD-2023-43542)

Vuldb Updates
2 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in Digoo DG-HAMB Smart Home Security System 1.0. This affects an unknown part of the component RFID Tag. The manipulation results in missing encryption of sensitive data. This vulnerability is cataloged as CVE-2023-39842. An attack on the physical device is feasible. There is no exploit available.
vuldb.com

CVE-2023-39843 | Suleve 5-in-1 Smart Door Lock 1.0 RFID Tag missing encryption (EUVD-2023-43543)

Vuldb Updates
2 months 3 weeks ago
A vulnerability identified as problematic has been detected in Suleve 5-in-1 Smart Door Lock 1.0. This vulnerability affects unknown code of the component RFID Tag. This manipulation causes missing encryption of sensitive data. This vulnerability is registered as CVE-2023-39843. It is feasible to perform the attack on the physical device. No exploit is available.
vuldb.com

CVE-2023-39834 | PbootCMS up to 3.1.x create_function command injection (EUVD-2023-43534)

Vuldb Updates
2 months 3 weeks ago
A vulnerability categorized as critical has been discovered in PbootCMS up to 3.1.x. This vulnerability affects the function create_function. The manipulation results in command injection. This vulnerability is identified as CVE-2023-39834. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2023-39828 | Tenda A18 15.13.07.09 formWifiBasicSet Security stack-based overflow (EUVD-2023-43528)

Vuldb Updates
2 months 3 weeks ago
A vulnerability identified as critical has been detected in Tenda A18 15.13.07.09. This impacts the function formWifiBasicSet. This manipulation of the argument Security causes stack-based buffer overflow. The identification of this vulnerability is CVE-2023-39828. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

CVE-2023-39827 | Tenda A18 15.13.07.09 formAddMacfilterRule rule_info stack-based overflow (EUVD-2023-43527)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Tenda A18 15.13.07.09 and classified as critical. The impacted element is the function formAddMacfilterRule. Executing a manipulation of the argument rule_info can lead to stack-based buffer overflow. This vulnerability appears as CVE-2023-39827. The attacker needs to be present on the local network. There is no available exploit.
vuldb.com

CVE-2023-39829 | Tenda A18 15.13.07.09 fromSetWirelessRepeat wpapsk_crypto2_4g stack-based overflow (EUVD-2023-43529)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Tenda A18 15.13.07.09. It has been classified as critical. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. This vulnerability is traded as CVE-2023-39829. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com

CVE-2023-39809 | N.V.K.INTER iBSG 3.5 network-basic.php system_hostname command injection (EUVD-2023-43509)

Vuldb Updates
2 months 3 weeks ago
A vulnerability categorized as critical has been discovered in N.V.K.INTER iBSG 3.5. The impacted element is an unknown function of the file /manage/network-basic.php. Executing a manipulation of the argument system_hostname can lead to command injection. The identification of this vulnerability is CVE-2023-39809. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

Lazarus Hackers Actively Attacking European Drone Manufacturing Companies

Cyber Security News
2 months 3 weeks ago

Lazarus, a sophisticated North Korean-aligned hacking group also known as HIDDEN COBRA, has launched a new wave of targeted attacks against European drone manufacturers and defense contractors. The campaign, tracked as Operation DreamJob, emerged in late March 2025 and specifically targets organizations developing unmanned aerial vehicle technology across Central and Southeastern Europe. Researchers have identified […]

The post Lazarus Hackers Actively Attacking European Drone Manufacturing Companies appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad