Aggregator
CVE-2026-43344 | Linux Kernel up to 6.19.13 snbep_pci2phy_map_init infinite loop (Nessus ID 326222 / WID-SEC-2026-1454)
Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018
Сетевой трафик выдает больше, чем адрес кошелька. Браузерные расширения привязывают человека к его крипте
CVE-2026-56689 | Dell PowerFlex Manager 4.6.2.1 SQL Command sql injection (EUVD-2026-42869)
CVE-2026-54468 | Dell Unisphere for PowerMax up to 10.3.0.5 File Access path traversal (EUVD-2026-42872)
CVE-2026-56690 | Dell PowerFlex Manager 4.6.2.1 SQL Command sql injection (EUVD-2026-42868)
Incode brings on-device processing to age estimation for privacy-focused verification
Incode has launched On-Device Age Estimation, an age verification capability that performs age estimation and liveness detection directly on the user’s device, without transmitting facial data off the device. The company’s age estimation models are now available to run entirely on-device. The solution combines on-device age estimation with deepfake and spoofing detection. More than 30 age assurance laws are now in force worldwide. In the UK, the Online Safety Act’s “highly effective” age check requirement … More →
The post Incode brings on-device processing to age estimation for privacy-focused verification appeared first on Help Net Security.
CVE-2026-56688 | Dell PowerFlex Manager up to 5.0.x OS Repository os command injection (EUVD-2026-42871)
Malicious Windows Shortcuts Use PowerShell and Node.js to Enable Remote Code Execution
A malicious Windows shortcut is being used to turn a routine download into a full remote-code-execution foothold. The campaign begins with convincing booking-themed spam and steers victims toward a ZIP archive that conceals a booby-trapped LNK file. One click can quietly start a chain that installs a backdoor and gives attackers a path to run […]
The post Malicious Windows Shortcuts Use PowerShell and Node.js to Enable Remote Code Execution appeared first on Cyber Security News.
CVE-2026-56814 | elixir-plug up to 1.20.2 Multipart Request-Body Parser multipart.ex parse_multipart/2 filename denial of service
GNU Guix Vulnerabilities Allow Remote Privilege Escalation via Malicious Binary Substitutes
GNU Guix has disclosed four serious security vulnerabilities affecting its package substitution and channel-management features. Three flaws in the guix substitute utility can enable remote privilege escalation, corruption of stored data, and local disclosure of files readable by the build daemon user. At the same time, a fourth issue affects guix pull and guix time-machine. […]
The post GNU Guix Vulnerabilities Allow Remote Privilege Escalation via Malicious Binary Substitutes appeared first on Cyber Security News.
CVE-2026-41877 | R-SOFT SERWIS DMS up to 3.19-2831 File Upload Name cross site scripting (EUVD-2026-42854)
CVE-2026-41880 | R-SOFT SERWIS DMS up to 3.19-2861 OCR Module OCR Function file paths os command injection (EUVD-2026-42855)
CVE-2026-58225 | elixir-ecto postgrex 0.22.2 Notifications handle_connect channel name sql injection (EUVD-2026-42867)
CVE-2026-41876 | R-SOFT SERWIS DMS up to 3.19-2751 Document Converter konwertujAction format os command injection (EUVD-2026-42853)
CVE-2026-6802 | fahadmahmood Easy Upload Files During Checkout Plugin up to 3.0.1 on WordPress File Deletion ufdc_custom_init eufdc-delete authorization (EUVD-2026-42846)
Linux Kernel FUSE Vulnerability Lets Attackers Gain Root Privileges
A Linux kernel vulnerability in the FUSE subsystem can allow a local attacker to gain root privileges by overflowing the page cache with attacker-controlled directory entries. The flaw is tracked as CVE-2026-31694 and affects the code path used when the kernel caches FUSE readdir results. FUSE lets a userspace filesystem talk to the kernel through […]
The post Linux Kernel FUSE Vulnerability Lets Attackers Gain Root Privileges appeared first on Cyber Security News.