Aggregator

CVE-2021-47897 | PEEL eCommerce PEEL Shopping 9.3.0 change_params.php address cross site scripting (Exploit 49553 / EUVD-2026-4290)

Vuldb Updates
2 months 3 weeks ago
A vulnerability classified as problematic has been found in PEEL eCommerce PEEL Shopping 9.3.0. Affected is an unknown function of the file change_params.php. This manipulation of the argument address causes cross site scripting. The identification of this vulnerability is CVE-2021-47897. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2021-47894 | Northwest Performance Managed Switch Port Mapping Tool 2.85.2 IP Address/SNMP Community Name allocation of resources (Exploit 49566 / EUVD-2026-4300)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Northwest Performance Managed Switch Port Mapping Tool 2.85.2. Impacted is an unknown function. The manipulation of the argument IP Address/SNMP Community Name results in allocation of resources. This vulnerability is identified as CVE-2021-47894. The attack is only possible with local access. Additionally, an exploit exists.
vuldb.com

CVE-2021-47896 | PDF Complete PDFCOMPLETE Corporate Edition 4.1.45 pdfcDispatcher Service unquoted search path (Exploit 49558 / EUVD-2026-4279)

Vuldb Updates
2 months 3 weeks ago
A vulnerability classified as problematic was found in PDF Complete PDFCOMPLETE Corporate Edition 4.1.45. The affected element is an unknown function of the component pdfcDispatcher Service. The manipulation results in unquoted search path. This vulnerability was named CVE-2021-47896. The attack needs to be approached locally. In addition, an exploit is available. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2026-24635 | DevsBlink EduBlink Core Plugin up to 2.0.7 on WordPress filename control (EUVD-2026-4331)

Vuldb Updates
2 months 3 weeks ago
A vulnerability classified as critical was found in DevsBlink EduBlink Core Plugin up to 2.0.7 on WordPress. The impacted element is an unknown function. Executing a manipulation can lead to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is registered as CVE-2026-24635. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2026-24633 | Passionate Brains Add Expires Headers & Optimized Minify Plugin up to 3.1.0 on WordPress authorization (EUVD-2026-4332)

Vuldb Updates
2 months 3 weeks ago
A vulnerability labeled as critical has been found in Passionate Brains Add Expires Headers & Optimized Minify Plugin up to 3.1.0 on WordPress. Affected is an unknown function. The manipulation results in missing authorization. This vulnerability is known as CVE-2026-24633. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign

Cyber Security News
2 months 3 weeks ago

Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised multiple user accounts and evolved into widespread business email compromise (BEC) operations across several organisations. Initial Compromise Through Trusted Vendor The attack began with phishing emails sent from a compromised trusted vendor’s […]

The post Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign appeared first on Cyber Security News.

Dhivya

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

The Hackers News
2 months 3 weeks ago
The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025. The attack was unsuccessful, the country's energy minister, Milosz Motyka, said last week. "The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on
The Hacker News

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

The Hackers News
2 months 3 weeks ago
AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?” Unlike users or applications, AI agents are often deployed quickly, shared broadly,
The Hacker News

CVE-2026-21987 | Oracle VM VirtualBox 7.1.14/7.2.4 Core Local Privilege Escalation (EUVD-2026-3525 / Nessus ID 296414)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Oracle VM VirtualBox 7.1.14/7.2.4. This affects an unknown part of the component Core. This manipulation causes Local Privilege Escalation. This vulnerability is handled as CVE-2026-21987. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-21990 | Oracle VM VirtualBox 7.1.14/7.2.4 Core Local Privilege Escalation (EUVD-2026-3522 / Nessus ID 296414)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Oracle VM VirtualBox 7.1.14/7.2.4. This vulnerability affects unknown code of the component Core. Such manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2026-21990. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2026-21988 | Oracle VM VirtualBox 7.1.14/7.2.4 Core Local Privilege Escalation (EUVD-2026-3524 / Nessus ID 296414)

Vuldb Updates
2 months 3 weeks ago
A vulnerability has been found in Oracle VM VirtualBox 7.1.14/7.2.4 and classified as critical. This issue affects some unknown processing of the component Core. Performing a manipulation results in Local Privilege Escalation. This vulnerability was named CVE-2026-21988. The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-21982 | Oracle VM VirtualBox 7.1.14/7.2.4 Core improper authentication (EUVD-2026-3530 / Nessus ID 296414)

Vuldb Updates
2 months 3 weeks ago
A vulnerability described as critical has been identified in Oracle VM VirtualBox 7.1.14/7.2.4. Affected is an unknown function of the component Core. Executing a manipulation can lead to improper authentication. This vulnerability appears as CVE-2026-21982. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

The Hackers News
2 months 3 weeks ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow in the
The Hacker News

Managed ad