Aggregator

CVE-2025-14905 | 389-ds-base schema.c schema_attr_enum_callback heap-based overflow (Nessus ID 299805 / WID-SEC-2026-0494)

3 months 3 weeks ago

A vulnerability was found in 389-ds-base and classified as critical. The affected element is the function schema_attr_enum_callback of the file schema.c. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is handled as CVE-2025-14905. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2026-2964 | higuma web-audio-recorder-js 0.1/0.1.1 Dynamic Config Handling lib/WebAudioRecorder.js extend prototype pollution

Vuldb Updates

3 months 3 weeks ago

A vulnerability was found in higuma web-audio-recorder-js 0.1/0.1.1 and classified as problematic. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. This vulnerability is referenced as CVE-2026-2964. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2026-2970 | datapizza-labs datapizza-ai 0.0.2 cache.py RedisCache deserialization

Vuldb Updates

3 months 3 weeks ago

A vulnerability labeled as critical has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. This vulnerability is documented as CVE-2026-2970. The attack requires being on the local network. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2026-2971 | a466350665 Smart-SSO up to 2.1.1 Login login.html redirectUri cross site scripting

Vuldb Updates

3 months 3 weeks ago

A vulnerability marked as problematic has been reported in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri results in cross site scripting. This vulnerability is reported as CVE-2026-2971. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2026-2972 | a466350665 Smart-SSO up to 2.1.1 Role Edit Page UserController.java save cross site scripting

Vuldb Updates

3 months 3 weeks ago

A vulnerability described as problematic has been identified in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-2972. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2026-2977 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py upload_controller unrestricted upload

Vuldb Updates

3 months 3 weeks ago

A vulnerability was found in FastApiAdmin up to 2.2.0. It has been declared as critical. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. This vulnerability is referenced as CVE-2026-2977. It is possible to launch the attack remotely. Furthermore, an exploit is available.

vuldb.com

CVE-2026-2978 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py upload_file_controller unrestricted upload

Vuldb Updates

3 months 3 weeks ago

A vulnerability was found in FastApiAdmin up to 2.2.0. It has been rated as critical. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. This vulnerability is identified as CVE-2026-2978. The attack can be initiated remotely. Additionally, an exploit exists.

vuldb.com

CVE-2026-2956 | qinming99 dst-admin up to 1.5.0 /home/restore revertBackup Name command injection

Vuldb Updates

3 months 3 weeks ago

A vulnerability labeled as critical has been found in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. This vulnerability is reported as CVE-2026-2956. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2026-2957 | qinming99 dst-admin up to 1.5.0 File BackupController.java deleteBackup denial of service

Vuldb Updates

3 months 3 weeks ago

A vulnerability marked as problematic has been reported in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. This vulnerability appears as CVE-2026-2957. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Триста, четыреста, четыреста шестьдесят девять. РКН продолжает «зачистку» инструментов обхода блокировок

Securitylab.ru

3 months 3 weeks ago

Ведомство отчиталось об ограничении 469 сервисов.

Third-Party Patching and the Business Footprint We All Share

Bleeping Computer.

3 months 3 weeks ago

Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. [...]

让你压力山大的人也会增加你的生物年龄

Solidot

3 months 3 weeks ago

根据发表在 PNAS 期刊上的一项研究，常制造问题或让周围人生活变得更艰难的人也会加速周围人的生物衰老。研究人员将这种人称为是 Hassler，每多一个 Hassler，周围人生物衰老速度会加快约 1.5%，相当于比同龄人老了约 9 个月。研究利用了美国印第安纳州 2345 名年龄在 18-103 岁成年人的 DNA 甲基化表观遗传时钟和社交网络数据，其中 29% 的人报告其社交网络至少有一名 Hassler。家庭成员中的 Hassler 与加速衰老的相关性最强，但配偶中的 Hassler 没有产生显著影响。除了加速衰老，Hassler 也会增加抑郁和焦虑的严重程度，更高的体重指数（BMI）、炎症水平和多种疾病的风险。相比吸烟对生物衰老的影响，Hassler 效应相当于其 13%-17%。

When an entire network comes under attack: Carpet bombing as a DDoS strategy

Link 11 (Dosarrest Internet Security Ltd)

3 months 3 weeks ago

Some DDoS attacks are loud. Others are large. And still others are one thing above all else: widespread. A recent incident in the Link11 network shows how effective so-called carpet bombing can be. Within just two minutes, not a single server but an entire “/20 network” with more than 4,000 IP addresses was attacked. What at first glance appears […]

The post When an entire network comes under attack: Carpet bombing as a DDoS strategy appeared first on Link11.

Link11 Administrator

IronCurtain: An open-source, safeguard layer for autonomous AI assistants

Help Net Security

3 months 3 weeks ago

Veteran security engineer Niels Provos is working on a new technical approach designed to stop autonomous AI agents from taking actions you haven’t specifically authorized. His open-source software solution, called IronCurtain, aims to neutralize the risk of an LLM-powered agent “going rogue” – whether through prompt injection or the agent gradually deviating from the user’s original intent over the course of a long session. How does IronCurtain work? In the last few months, there have … More →

The post IronCurtain: An open-source, safeguard layer for autonomous AI assistants appeared first on Help Net Security.

Zeljka Zorz