A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.
The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the

A vulnerability has been found in Tencent WeKnora up to 0.3.6 and classified as critical. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass.
This vulnerability is tracked as CVE-2026-8786. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Manipulation of the argument appointment_no can lead to SQL injection.
This vulnerability appears as CVE-2026-8785. The attack may be performed remotely. In addition, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as critical, has been found in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following.
This vulnerability is reported as CVE-2026-8784. The attack requires local access. Moreover, an exploit is present.
It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference.
This vulnerability is documented as CVE-2026-8783. The attack can be executed remotely. Additionally, an exploit exists.
Upgrading the affected component is advised.
The same pull request fixes multiple security issues.

A vulnerability classified as problematic has been found in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference.
This vulnerability is registered as CVE-2026-8782. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
It is recommended to upgrade the affected component.
The same pull request fixes multiple security issues.

A vulnerability described as problematic has been identified in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference.
This vulnerability is cataloged as CVE-2026-8781. The attack may be launched remotely. Furthermore, there is an exploit available.
Upgrading the affected component is recommended.
The same pull request fixes multiple security issues.