Aggregator

A vulnerability, which was classified as problematic, has been found in TP-Link TL-WR841N v14. The affected element is an unknown function of the component Web Portal Service. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-9014. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in pimcore Web2Print Tools Bundle up to 5.2.1/6.1.0. Impacted is an unknown function of the component API Endpoint. Such manipulation leads to improper access controls. This vulnerability is referenced as CVE-2026-23496. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Zitadel up to 3.4.5/4.9.0. This issue affects some unknown processing of the component Login Interface. This manipulation causes observable response discrepancy. The identification of this vulnerability is CVE-2026-23511. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in sveltejs devalue up to 5.6.1. This vulnerability affects unknown code. The manipulation results in asymmetric resource consumption. This vulnerability was named CVE-2026-22775. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in sveltejs kit up to 2.49.4. This affects an unknown part. The manipulation leads to uncontrolled memory allocation. This vulnerability is uniquely identified as CVE-2026-22803. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in sveltejs devalue up to 5.6.1. Affected by this issue is the function devalue.parse. Executing a manipulation can lead to asymmetric resource consumption. This vulnerability is handled as CVE-2026-22774. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Google Android. Affected by this vulnerability is an unknown functionality of the component Key-based Pairing. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2025-36911. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability categorized as critical has been discovered in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. Affected is an unknown function. Such manipulation leads to improper check for unusual conditions. This vulnerability is traded as CVE-2026-0227. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Pimcore up to 11.5.13/12.3.0. It has been rated as critical. This impacts an unknown function of the file var/config/staticroutes.php of the component API Endpoint. This manipulation causes improper access controls. This vulnerability appears as CVE-2026-23494. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Chamilo LMS up to 1.11.20. Affected by this vulnerability is an unknown functionality of the component Languages Management. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2023-37061. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability identified as problematic has been detected in Chamilo LMS up to 1.11.20. Affected by this issue is some unknown functionality of the component Course Categories Definition. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2023-37062. The attack may be initiated remotely. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Jlink AX1800 1.0. It has been declared as critical. This affects an unknown function. The manipulation results in permission issues. This vulnerability was named CVE-2023-37058. The attack may be performed from remote. There is no available exploit.

Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks use legitimate infrastructure from providers like Google, Microsoft Azure, and AWS CloudFront. This approach allows hackers to bypass many […]

The post Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits appeared first on Cyber Security News.

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in September 2025 following responsible disclosure on

Large language models have become deeply integrated into everyday business operations, from customer service chatbots to autonomous agents managing calendars, executing code, and handling financial transactions. This rapid expansion has created a critical security blind spot. Researchers have identified that attacks targeting these systems are not simple prompt injections as commonly believed, but rather sophisticated, […]

The post Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats appeared first on Cyber Security News.

The upcoming Winter Games in the Italian Alps are attracting both hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the attending glitterati.

Microsoft announced that the Copilot Studio extension for the Visual Studio Code (VS Code) integrated development environment is now available to all users. [...]

A vulnerability identified as critical has been detected in Insyde H2O Tools. This issue affects some unknown processing. This manipulation causes out-of-bounds write. This vulnerability appears as CVE-2025-12053. The attack requires local access. There is no available exploit.

A vulnerability was found in Insyde H2O Tools. It has been rated as critical. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2025-12051. The attack needs to be performed locally. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Insyde H2O Tools. This vulnerability affects unknown code. The manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2025-12052. The attack requires a local approach. No exploit exists.