Aggregator

A vulnerability was found in SillyTavern 1.13.4/1.16.0/1.17.0 and classified as critical. Impacted is an unknown function. Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-44650. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in klever-go and classified as problematic. This issue affects some unknown processing of the component MultiDataInterceptor. This manipulation causes highly compressed data. The identification of this vulnerability is CVE-2026-44697. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Samsung System Support Service. This vulnerability affects unknown code. The manipulation results in improper privilege management. This vulnerability was named CVE-2026-21024. The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Samsung Devices. This affects an unknown part of the component Routines. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is uniquely identified as CVE-2026-21022. Local access is required to approach this attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Samsung Devices. Affected by this issue is some unknown functionality of the component Routines. Executing a manipulation can lead to improper input validation. This vulnerability is handled as CVE-2026-21021. The physical device can be targeted for the attack. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Samsung Devices. Affected by this vulnerability is an unknown functionality of the component OmaCP. Performing a manipulation results in improper export of android application components. This vulnerability is known as CVE-2026-21020. Attacking locally is a requirement. No exploit is available.

Microsoft pushed out a significant cumulative update for Windows 11 on May 12, 2026, covering both version 25H2 and version 24H2. The update, identified as KB5089549, brings OS Builds 26200.8457 and 26100.8457 to users running these versions. It bundles the latest security fixes alongside quality improvements carried over from April’s optional preview release, making it […]

The post Microsoft Releases Cumulative Update for Windows 11, Version 25H2 and 24H2 appeared first on Cyber Security News.

A vulnerability described as critical has been identified in Samsung Galaxy Watch. Affected is an unknown function of the component FacAtFunction. Such manipulation leads to improper input validation. This vulnerability is traded as CVE-2026-21019. An attack has to be approached locally. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Samsung Devices. This impacts an unknown function of the component SveService. This manipulation causes out-of-bounds write. This vulnerability appears as CVE-2026-21018. The attack requires local access. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Samsung Devices. This affects an unknown function of the component LocationManager. The manipulation results in incorrect privilege assignment. This vulnerability is reported as CVE-2026-21016. The attack requires a local approach. No exploit exists. The affected component should be upgraded.

Крупнейшее на Урале событие для ИТ- и ИБ-сообщества: дискуссии, ИИ, киберугрозы и воркшопы.

从周二开始，父母可以获取关于他们的孩子在 Instagram 上做什么的更多细节。Meta公司正在向其青少年账户添加一项功能，向父母展示他们的孩子所参与的一般主题，例如 “篮球” 或“时尚”。Meta

A vulnerability identified as critical has been detected in Samsung Devices. The impacted element is an unknown function of the component FactoryCamera. The manipulation leads to incorrect default permissions. This vulnerability is documented as CVE-2026-21015. The attack needs to be performed locally. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Bytello Share. The affected element is an unknown function of the component Installer. Executing a manipulation can lead to uncontrolled search path. This vulnerability is registered as CVE-2026-44612. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Canon Marketing Japan GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud. It has been rated as critical. Impacted is an unknown function of the component Request Handler. Performing a manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-32661. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Hitachi Vantara Pentaho Data Integration and Analytics up to 10.x. It has been declared as problematic. This issue affects some unknown processing of the component JDBC Driver. Such manipulation leads to dependency on vulnerable third-party component. This vulnerability is listed as CVE-2025-11159. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Gerrit 2.12; 0. It has been classified as problematic. This vulnerability affects unknown code of the component Submission Handler. This manipulation causes incorrect authorization. This vulnerability is tracked as CVE-2026-2725. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in beardev JoomSport Plugin up to 5.7.7 on WordPress and classified as critical. This affects an unknown part. The manipulation of the argument sortf results in sql injection. This vulnerability is identified as CVE-2026-6929. The attack can be executed remotely. There is not any exploit available.

这次攻击行动反映了供应链攻击的一个更广泛的转变：从孤立的软件包入侵，转向通过可信的 CI/CD 基础设施进行身份驱动的传播。