Aggregator

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

The Hackers News
1 month 3 weeks ago
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. "MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code
The Hacker News

VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers

Help Net Security
1 month 3 weeks ago

VIAVI Solutions has announced the launch of its next-generation CyberFlood CF1000 Appliance, a native 400G security and application performance test platform for the validation of multi-terabit security and AI data center infrastructures at scale. Developed for network equipment vendors, hyperscale data center operators and service providers, the CyberFlood CF1000 enables OSI Layer 4-7 validation of critical infrastructure under real-world encrypted and dynamic mixed traffic conditions including Next-Generation Firewalls (NGFWs), Application Delivery Controllers (ADCs), DDoS mitigation … More →

The post VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers appeared first on Help Net Security.

Industry News

CVE-2026-7856 | D-Link DI-8100 16.07.26A1 Web Management Interface /url_member.asp Name buffer overflow

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as critical, was found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. This vulnerability is tracked as CVE-2026-7856. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-7855 | D-Link DI-8100 16.07.26A1 HTTP Request /tggl.asp tggl_asp Name buffer overflow

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. This vulnerability is identified as CVE-2026-7855. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-7854 | D-Link DI-8100 16.07.26A1 POST Parameter /url_rule.asp url_rule_asp buffer overflow

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability classified as critical was found in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. This vulnerability is referenced as CVE-2026-7854. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2026-7853 | D-Link DI-8100 16.07.26A1 HTTP /auto_reboot.asp sprintf enable/time buffer overflow

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability classified as critical has been found in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. The identification of this vulnerability is CVE-2026-7853. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Oracle rolls out monthly security patch updates

Help Net Security
1 month 3 weeks ago

Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. “Each [monthly] CSPU is smaller and more focused, making it easier to apply critical fixes quickly [to customer-managed deployments],” Oracle says. Quarterly Critical Patch Updates (CPUs) remain in place and will continue to include all fixes released in prior CSPUs. Managing security across environments Protections and updates are applied automatically and continuously in … More →

The post Oracle rolls out monthly security patch updates appeared first on Help Net Security.

Anamarija Pogorelec

CVE-2025-9164 | Docker Desktop up to 4.48.0 Installer.exe uncontrolled search path (EUVD-2025-36191 / Nessus ID 271961)

Vuldb Updates
1 month 3 weeks ago
A vulnerability labeled as problematic has been found in Docker Desktop up to 4.48.0. Affected by this issue is some unknown functionality of the file Installer.exe. The manipulation results in uncontrolled search path. This vulnerability is cataloged as CVE-2025-9164. The attack must be initiated from a local position. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-6587 | Docker Desktop up to 4.42.1 Environment Variable log file (EUVD-2025-19843 / Nessus ID 300035)

Vuldb Updates
1 month 3 weeks ago
A vulnerability classified as problematic has been found in Docker Desktop up to 4.42.1. This issue affects some unknown processing of the component Environment Variable Handler. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-6587. Local access is required to approach this attack. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

Managed ad