Aggregator

CVE-2026-47100 | FunnelKit Funnel Builder for WooCommerce Checkout up to 3.15.0.3 Public Checkout Endpoint authorization

VulDB Recent Entries
4 weeks ago
A vulnerability was found in FunnelKit Funnel Builder for WooCommerce Checkout up to 3.15.0.3. It has been declared as critical. This impacts an unknown function of the component Public Checkout Endpoint. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-47100. The attack can be launched remotely. Moreover, an exploit is present. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-34883 | Portrait Dell Color Management Application up to 3.6.x Link CCFLFamily_07Feb11.edr symlink

VulDB Recent Entries
4 weeks ago
A vulnerability was found in Portrait Dell Color Management Application up to 3.6.x. It has been classified as critical. This affects an unknown function of the file CCFLFamily_07Feb11.edr of the component Link Handler. The manipulation leads to symlink following. This vulnerability is documented as CVE-2026-34883. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-8711 | F5 NGINX JavaScript up to 0.9.8 HTTP ngx.fetch heap-based overflow (K000161307)

VulDB Recent Entries
4 weeks ago
A vulnerability, which was classified as critical, was found in F5 NGINX JavaScript up to 0.9.8. Impacted is the function ngx.fetch of the component HTTP Handler. Such manipulation leads to heap-based buffer overflow. This vulnerability is listed as CVE-2026-8711. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2026-2587 | Eclipse Glassfish up to 7.0.x/8.0.0 Gadget expression language injection

VulDB Recent Entries
4 weeks ago
A vulnerability classified as critical was found in Eclipse Glassfish up to 7.0.x/8.0.0. This vulnerability affects unknown code of the component Gadget Handler. The manipulation results in improper neutralization of special elements used in an expression language statement. This vulnerability is identified as CVE-2026-2587. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

Hackers Hijacking Four-Faith Industrial Routers for Botnet Activity

Cyber Security News
4 weeks ago

Hackers are actively exploiting Four-Faith industrial routers to build botnets, leveraging a critical vulnerability identified as CVE-2024-9643. Security researchers from CrowdSec report a sharp rise in exploitation attempts targeting these devices, signaling a shift from initial probing to large-scale abuse. CVE-2024-9643 is a critical authentication bypass flaw affecting Four-Faith F3x36 industrial cellular routers. The vulnerability […]

The post Hackers Hijacking Four-Faith Industrial Routers for Botnet Activity appeared first on Cyber Security News.

Abinaya

Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain

Cyber Security News
4 weeks ago

A widely used GitHub Action called actions-cool/issues-helper has been compromised, with every version tag in the repository silently redirected to a malicious commit. The attack places stolen CI/CD pipeline credentials directly in the hands of an attacker, raising serious concerns for development teams around the world that rely on this action in their automated workflows. […]

The post Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain appeared first on Cyber Security News.

Tushar Subhra Dutta

Exposing Fox Tempest: A malware-signing service operation

Threat intelligence | Microsoft Security Blog
4 weeks ago

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious code, including ransomware.

The post Exposing Fox Tempest: A malware-signing service operation appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence

Critical Apache Flink Vulnerability Enables Remote code execution Attacks

Cyber Security News
4 weeks ago

A newly disclosed critical vulnerability in Apache Flink, tracked as CVE-2026-35194, exposes distributed data processing environments to remote code execution (RCE) attacks via SQL injection flaws in the platform’s code generation engine. The flaw lies in Apache Flink’s SQL code-generation mechanism, where user-supplied input is improperly sanitized before being embedded in dynamically generated Java code. This […]

The post Critical Apache Flink Vulnerability Enables Remote code execution Attacks appeared first on Cyber Security News.

Abinaya

DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability

The Hackers News
4 weeks ago
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had
The Hacker News

Managed ad