Aggregator

A vulnerability has been found in teableio teable up to 1.9.x and classified as problematic. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-9566. The attack is possible to be carried out remotely. Moreover, an exploit is present. The affected component should be upgraded. The vendor confirms: "The default branch of teableio/teable is develop, and the reported login redirect issue has already been fixed there. The login redirect flow now validates the redirect parameter with isValidRedirectPath() before navigation, which blocks javascript:, data:, and cross-origin redirects."

Submit #816075 / VDB-365629

Submit #815798 / VDB-365628

A newly disclosed security issue in Memcached has raised concerns after developers confirmed a timing side-channel vulnerability in its SASL authentication mechanism that could allow attackers to infer valid usernames, now tracked as CVE‑2026‑47783. The flaw was addressed in the recently released Memcached version 1.6.42, a security-focused update that fixes multiple critical bugs affecting stability […]

The post Critical Memcached SASL Vulnerability Let Attackers Infer Valid Usernames appeared first on Cyber Security News.

360为智能体产业高质量发展夯实人才基础

Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from Shareoint deserializing untrusted data, and may be exploited by an authenticated attacker to execute code remotely on a vulnerable SharePoint Server instance – no user interaction required. “The attack complexity is Low (AC:L) because … More →

The post High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2026-9565. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A newly disclosed vulnerability in Apache CXF, tracked as CVE-2026-44930, is raising concerns among enterprise users relying on its XKMS (XML Key Management Specification) services. The flaw, classified as an important severity issue, affects the LDAP-based certificate repository component and could allow attackers to retrieve arbitrary digital certificates from vulnerable systems. Apache CXF is widely […]

The post Apache CXF LDAP Injection Vulnerability Let Attacker Retrieve Arbitrary Certificates appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Performing a manipulation of the argument Remarks results in cross site scripting. This vulnerability is known as CVE-2026-9564. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical was found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-9562. The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.

Submit #815713 / VDB-365627

ConnectWise has disclosed a high-impact security vulnerability in its Automate platform that could allow attackers to bypass critical security checks and execute malicious code under specific conditions. The flaw, tracked as CVE-2026-9089, affects versions of ConnectWise Automate before 2026.5 and has been assigned a CVSS score of 8.8, highlighting its potential severity in managed service […]

The post ConnectWise Automate Vulnerability Let Attackers Bypass Security Checks appeared first on Cyber Security News.

Как иранцы жили без доступа к глобальной сети — и что изменится теперь.

Submit #815674 / VDB-365626

Submit #815536 / VDB-365625

A vulnerability classified as problematic has been found in ZTE ZXUniPOS NDS-LTE 24.30.40CP02/24.40.40. Impacted is an unknown function. This manipulation causes use of a cryptographic primitive with a risky implementation. This vulnerability appears as CVE-2026-44410. The attack may be initiated remotely. There is no available exploit.

当人们开始依赖AI获取信息、做出决策时，一些人正在系统性地污染AI的知识土壤，使这些被视为“权威”的智能助手悄然变成谎言的扩音器。这已不再是一个技术漏洞的问题，而是一场有组织、有目的的“认知污染”攻击。

近期，名为OpenClaw的开源AI智能体工具引发全网“养龙虾”跟风热潮，这只“数字龙虾”频频登上热搜，相关话题阅读量达数亿，成为全民关注的科技现象。

数字时代，网络谣言已成为威胁社会秩序与公众信任的隐患，一些自媒体博主通过刻意的场景设计、脚本化的角色演绎，制造“视觉冲击”博取网民关注，最终实现非法牟利的目的。

作为我国首部系统性规范网络安全标识的部门规章，《办法》的出台，标志着我国网络产品安全治理已从底线合规阶段，向分级量化、市场引导、透明可溯的现代化治理模式转型，对强化消费者权益保护、推动产业高质量发展、维护国家网络安全具有里程碑意义。