Aggregator

Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service

Grav CMS 2.0.0-beta.2 - Remote Code Execution

TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer alongside an on-chain execution tracker that confirmed each victim compromise in real time.

守护药企生产安全。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

Andrei Kozlov, the former head of a cybersecurity center within Russia’s state-owned defense conglomerate Rostec, was named an aide to Security Council Secretary Sergei Shoigu on Friday.

Investigators seized more than 800 servers as they arrested two men suspected of violating European sanctions and assisting pro-Russian cyberattacks and disinformation campaigns.

Snscrape是一款功能强大的免费工具，无需API密钥即可从 Twitter、TikTok、YouTube、Reddit等平台抓取公开的社交媒体数据。它非常适合研究人员、营销人员、开发人员和Python初学者，让您能够快速轻松地收集、导出和分析数据。

A vulnerability described as problematic has been identified in Roundcube Webmail up to 1.6.15/1.7.0. Affected by this vulnerability is an unknown functionality of the component SVG Document Handler. Such manipulation of the argument attributeName leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-48848. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2026-9486. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. The identification of this vulnerability is CVE-2026-9497. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Roundcube Webmail up to 1.6.15/1.7.0. This affects an unknown part of the component Mail Message Handler. Executing a manipulation can lead to server-side request forgery. The identification of this vulnerability is CVE-2026-48843. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engine. This vulnerability is referenced as CVE-2026-9498. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2026-9500. The attack is only possible with local access. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability described as problematic has been identified in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. This vulnerability is tracked as CVE-2026-9501. The attack is restricted to local execution. Moreover, an exploit is present. A patch should be applied to remediate this issue.

A vulnerability marked as critical has been reported in libtiff 4.4.0rc1. Affected is the function rotateImage of the file tiffcrop.c. The manipulation leads to double free. This vulnerability is documented as CVE-2022-2519. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability described as critical has been identified in libtiff 4.4.0rc1. Affected by this vulnerability is the function rotateImage of the file tiffcrop.c. The manipulation results in incorrect calculation of buffer size. This vulnerability is reported as CVE-2022-2520. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in Octopus Server. It has been rated as problematic. The impacted element is an unknown function. Performing a manipulation results in information disclosure. This vulnerability was named CVE-2022-2508. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as problematic has been found in Octopus Deploy. Affected by this issue is some unknown functionality. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2022-2507. It is possible to launch the attack remotely. No exploit is available.