Aggregator

A vulnerability was found in GNU LibreDWG up to 0.14. It has been rated as problematic. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2026-9529. The attack requires a local approach. Moreover, an exploit is present.

A vulnerability categorized as problematic has been discovered in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. This vulnerability appears as CVE-2026-9530. The attack requires local access. In addition, an exploit is available. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in Totolink CA750-PoE 6.2c.510 and classified as critical. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. This vulnerability is tracked as CVE-2026-9531. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A dangerous new ransomware strain called Payload has been quietly building a global victim list since it first appeared in February 2026. The group launched its leak site with a high-profile target and has since expanded operations across Egypt, Mexico, Poland, and beyond. What makes this threat stand out is not just its reach, but […]

The post Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files appeared first on Cyber Security News.

PuTTY 0.84 has been released with fixes for multiple minor security flaws, including issues that could trigger SSH key exchange crashes and a Telnet prompt spoofing weakness. While these vulnerabilities are considered low severity, they highlight how even small flaws in cryptographic handling and session logic can be abused in specific attack scenarios, particularly by […]

The post PuTTY 0.84 Released With Fix for SSH KEX Crashes and Telnet Prompt Spoofing Flaw appeared first on Cyber Security News.

Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. [...]

2026年1月1日-6月5日，在以上期间内提交过补天众测有效漏洞（厂商审核通过）的白帽师傅均可获得1份2026补天定制端午礼盒。

活动时间：5月21日-6月4日

领取你的补天端午礼盒啦~

投稿得补天端午礼盒~

Участившиеся хакерские атаки заставили создателей сервиса действовать предельно жёстко.

A vulnerability classified as critical was found in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. This vulnerability is known as CVE-2026-9552. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. This vulnerability is traded as CVE-2026-9551. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal. This vulnerability appears as CVE-2026-9550. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #815457 / VDB-365611

Submit #815456 / VDB-365610

dnsmasqには複数の脆弱性が存在します。

The algorithmic stablecoins EURR and USDR, curated by the digital asset institution StablR, suffered a severe and precipitous de-pegging from their respective fiat baselines following a targeted compromise of their token-minting contract within the...

The post StablR Stablecoin Depeg Hack: $10M Minted in Multisig Failure appeared first on Information Security News.

Submit #815455 / VDB-365609

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing