Aggregator

A vulnerability marked as critical has been reported in Linux Kernel up to 6.19.13/7.0.0. Affected is an unknown function of the component vfio. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2026-31601. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.13/7.0.0. It has been rated as critical. This issue affects the function free_folio of the file filemap.c. The manipulation leads to use after free. This vulnerability is traded as CVE-2026-31589. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. This impacts the function ps_to_hz. Executing a manipulation can lead to divide by zero. The identification of this vulnerability is CVE-2026-31603. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

Submit #802836 / VDB-359845

LCBO (Liquor Control Board of Ontario) Database Breached: 165,840 Customer Records Exposed from Ontario's Crown Corporation

A vulnerability, which was classified as critical, has been found in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal. This vulnerability is listed as CVE-2026-7235. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as critical was found in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/component_server/server.js. Executing a manipulation of the argument request.url can lead to path traversal. This vulnerability is tracked as CVE-2026-7234. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as problematic has been found in hunvreus DevPush up to 0.3.2. This impacts an unknown function of the file /api/google/authorize. Performing a manipulation results in open redirect. This vulnerability is identified as CVE-2026-30346. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in Canonical authd up to 0.6.3. This affects an unknown function. Such manipulation leads to placement of user into incorrect group. This vulnerability is referenced as CVE-2026-6970. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is recommended.

Submit #802828 / VDB-359844

A vulnerability marked as problematic has been reported in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2026-7233. The attack can only be executed locally. Furthermore, there is an exploit available. The project was informed of the problem early through a bug report but has not responded yet.

Submit #802762 / VDB-359843

Submit #802590 / VDB-359840

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Landscape Features’ appeared first on Security Boulevard.

Sens. Maggie Hassan and Jim Banks wrote to Navigate360 after a hacker claimed to compromise the school safety tool.

The post Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line appeared first on CyberScoop.

Ни телеметрии, ни лишнего кода — только профили, прокси и шифрование.

ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.

A vulnerability was found in Linux Kernel up to 5.15.114/6.1.30/6.3.4 and classified as critical. The impacted element is an unknown function of the component mlx5e. The manipulation results in deadlock. This vulnerability is cataloged as CVE-2023-53591. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.162/5.15.86/6.0.18/6.1.4. It has been rated as critical. Impacted is the function of_irq_find_parent of the component gpio. This manipulation causes improper update of reference count. This vulnerability is registered as CVE-2023-53592. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Linux Kernel up to 5.4.234/5.10.172/5.15.99/6.1.17/6.2.4. Affected by this issue is the function sctp_sched_prio_free_sid of the component sctp. Such manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2023-53590. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.