Aggregator

CVE-2026-22219 | Chainlit up to 2.9.3 HTTP GET Request /project/element url server-side request forgery

VulDB Recent Entries
3 months ago
A vulnerability marked as critical has been reported in Chainlit up to 2.9.3. The affected element is an unknown function of the file /project/element of the component HTTP GET Request Handler. Performing a manipulation of the argument url results in server-side request forgery. This vulnerability is cataloged as CVE-2026-22219. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-23950 | isaacs node-tar up to 7.5.3 path-reservations System unicode encoding (GHSA-r6q2-hw4h-h46w)

VulDB Recent Entries
3 months ago
A vulnerability identified as critical has been detected in isaacs node-tar up to 7.5.3. This issue affects some unknown processing of the component path-reservations System. This manipulation causes improper handling of unicode encoding. This vulnerability is tracked as CVE-2026-23950. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2026-1223 | BROWAN PrismX MX100 AP controller prior 1.03.23.01 insufficiently protected credentials

VulDB Recent Entries
3 months ago
A vulnerability categorized as problematic has been discovered in BROWAN PrismX MX100 AP controller. This vulnerability affects unknown code. The manipulation results in insufficiently protected credentials. This vulnerability is identified as CVE-2026-1223. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-23949 | jaraco jaraco.context up to 6.0.x jaraco.context.tarball path traversal (GHSA-58pv-8j8x-9vj2)

VulDB Recent Entries
3 months ago
A vulnerability was found in jaraco jaraco.context up to 6.0.x. It has been declared as critical. Affected by this issue is the function jaraco.context.tarball. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2026-23949. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-23947 | orval up to 8.0.1 getEnumImplementation enumDescriptions command injection (GHSA-h526-wf6g-67jv)

VulDB Recent Entries
3 months ago
A vulnerability was found in orval up to 8.0.1. It has been classified as critical. Affected by this vulnerability is the function getEnumImplementation. Performing a manipulation of the argument enumDescriptions results in command injection. This vulnerability was named CVE-2026-23947. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-22218 | Chainlit up to 2.9.3 /project/element chainlitKey path traversal

VulDB Recent Entries
3 months ago
A vulnerability has been found in Chainlit up to 2.9.3 and classified as critical. This impacts an unknown function of the file /project/element. This manipulation of the argument chainlitKey causes path traversal. This vulnerability is handled as CVE-2026-22218. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-23876 | ImageMagick up to 6.9.13-37/7.1.2-12 XBM Image Decoder ReadXBMImage heap-based overflow (GHSA-r49w-jqq3-3gx8)

VulDB Recent Entries
3 months ago
A vulnerability, which was classified as critical, has been found in ImageMagick up to 6.9.13-37/7.1.2-12. The impacted element is the function ReadXBMImage of the component XBM Image Decoder. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-23876. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

Pulsar RAT Using Memory-Only Execution & HVNC to Gain Invisible Remote Access

Cyber Security News
3 months ago

Pulsar RAT has emerged as a sophisticated derivative of the open-source Quasar RAT, introducing dangerous enhancements that enable attackers to maintain invisible remote access through advanced evasion techniques. This modular Windows-focused remote administration tool represents a significant evolution in threat sophistication. Combining memory-only execution with hidden virtual network computing (HVNC) capabilities that circumvent traditional detection […]

The post Pulsar RAT Using Memory-Only Execution & HVNC to Gain Invisible Remote Access appeared first on Cyber Security News.

Abinaya

Confusion and fear send people to Reddit for cybersecurity advice

Help Net Security
3 months ago

A strange charge appears on a bank account. An email claims a package is on the way. A social media account stops accepting a password that worked yesterday. When these moments hit, many people do the same thing. They open Reddit and ask strangers for help. A new study shows how often this happens and what people ask when they do. Researchers affiliated with Google and University College London built an analysis pipeline that sifted … More →

The post Confusion and fear send people to Reddit for cybersecurity advice appeared first on Help Net Security.

Sinisa Markovic

Threads 移动端日活人数超过 X

Solidot
3 months ago
Similarweb 最新数据显示,Threads 移动端日活用户数超越了 X。而 X 在 Web 端仍然远超 Threads,日访问量约 1.5 亿,而 Threads 的日访问量为 850 万。Similarweb 的数据显示,截至 2026 年 1 月 7 日 Threads 在 iOS 和 Android 平台上的日活用户数达到 1.415 亿,而 X 在移动设备上的日活用户数为 1.25 亿。Threads 日活增长受益于在 Meta 旗下社交平台如 Facebook 和 Instagram 上的推广,以及对内容创作者的重视和新功能的快速推出。Threads 过去一年新增了兴趣社区、完善筛选功能、私信、长文本、阅后即焚等功能,最近还在测试游戏功能。

INC

Dark Feed IO
3 months ago

You must login to view this content

cohenido

Managed ad