Aggregator

A vulnerability was found in ItzCrazyKns Vane up to 1.12.1. It has been classified as critical. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. This vulnerability is registered as CVE-2026-9372. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #813248 / VDB-322183

Submit #813211 / VDB-365336

Submit #813210 / VDB-365334

A vulnerability was found in Linux Kernel up to 7.0.9 and classified as critical. This affects the function skb_try_coalesce of the component net. The manipulation results in infinite loop. This vulnerability is cataloged as CVE-2026-43503. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in ItzCrazyKns Vane up to 1.12.1 and classified as problematic. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. This vulnerability is listed as CVE-2026-9371. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to apply restrictive firewalling. It appears that basic authentication is planned.

Submit #813209 / VDB-365334

Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting systems and causing immediate disruption, many attackers are now focusing on pure extortion: stealing sensitive data and threatening to leak it publicly if victims refuse to […]

Why pure extortion is replacing traditional ransomwareRansomwar

发布时间: 2026-0

A vulnerability identified as critical has been detected in windmill-labs windmill up to 1.703.1. This issue affects some unknown processing of the file /etc of the component Configuration Handler. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2026-47107. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as critical has been found in innocommerce Innoshop 0.6.0. This affects an unknown function of the component Backend Application Handler. Performing a manipulation results in improper authorization. This vulnerability was named CVE-2026-39250. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability, which was classified as critical, was found in ScadaBR 1.2.0. Affected by this vulnerability is an unknown functionality of the component HTTP GET Request Handler. The manipulation results in missing authentication. This vulnerability is identified as CVE-2026-8602. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in ScadaBR 1.2.0. This affects an unknown part. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2026-8604. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in lostisland faraday up to 2.14.2. This vulnerability affects the function build_exclusive_url. Such manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2026-33637. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability was found in ScadaBR 1.2.0. It has been declared as critical. The impacted element is an unknown function. The manipulation results in os command injection. This vulnerability is cataloged as CVE-2026-8603. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in ScadaBR 1.2.0. Affected by this issue is some unknown functionality. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2026-8605. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Apache Airflow CNCF Kubernetes Provider up to 10.16.x. It has been declared as problematic. This issue affects some unknown processing of the component JWT Token Handler. Executing a manipulation can lead to file and directory information exposure. This vulnerability is registered as CVE-2026-27173. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apache Airflow Providers Amazon up to 9.27.x. Impacted is an unknown function. This manipulation of the argument conn_id causes incorrect authorization. The identification of this vulnerability is CVE-2026-42526. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.