Aggregator

A vulnerability described as critical has been identified in Brocade Fabric OS. This affects an unknown function of the file system.sh of the component Management Protocol. Executing a manipulation can lead to command injection. This vulnerability is registered as CVE-2024-5461. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Brocade Fabric OS 9.2.0. Affected by this vulnerability is an unknown functionality. This manipulation causes cleartext transmission of sensitive information. This vulnerability appears as CVE-2024-5462. The attack may be initiated remotely. There is no available exploit.

A vulnerability has been found in NeoRazorX facturascripts up to 2025.6 and classified as problematic. The affected element is an unknown function of the component XML File Parser. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-69210. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in NeoRazorX facturascripts up to 2025.7. It has been rated as problematic. This issue affects some unknown processing of the component Error Message Handler. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-23476. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in NeoRazorX facturascripts up to 2025.71. Affected is an unknown function. Performing a manipulation of the argument Observations results in cross site scripting. This vulnerability is identified as CVE-2026-23997. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as critical, was found in NeoRazorX facturascripts up to 2025.80. The affected element is the function ModelClass::getOrderBy of the component REST API. Executing a manipulation of the argument sort can lead to sql injection. This vulnerability is handled as CVE-2026-25513. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in NeoRazorX facturascripts up to 2025.80 and classified as critical. The impacted element is the function CodeModel::all of the component Autocomplete. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2026-25514. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as problematic has been found in Mealie 3.3.1. This affects an unknown part of the component Recipe Notes Rendering. This manipulation causes basic cross site scripting. The identification of this vulnerability is CVE-2025-70296. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability categorized as problematic has been discovered in Mealie 3.3.1. Affected by this issue is some unknown functionality of the component SVG File Parser. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-70297. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in pyca cryptography up to 46.0.4. It has been classified as problematic. This issue affects the function EllipticCurvePublicNumbers.public_key/EllipticCurvePublicNumbers.public_key/load_der_public_key/load_pem_public_key. The manipulation leads to insufficient verification of data authenticity. This vulnerability is documented as CVE-2026-26007. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

North Korean nation-state threat actors have been running a two-part operation — posing as job recruiters while embedding fake workers inside real companies. Since at least 2022, these actors have tricked software developers into running malicious code during fake technical interviews, using the malware families BeaverTail and OtterCookie to steal credentials, take remote control of […]

The post North Korean Threat Actors Leverage Fake IT Worker Campaigns and Contagious Interview Tactics appeared first on Cyber Security News.

Списки потенциальных жертв пополняются каждую секунду.

Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure

Introduction Check Point Research (CPR) continuously tracks threats, following the clues that lead to major players and incidents in the threat landscape. Whether it’s high-end financially-motivated campaigns or state-sponsored activity, our focus is to figure out what the threat is, report our findings to the relevant parties, and make sure Check Point customers stay protected. […]

The post 2025: The Untold Stories of Check Point Research appeared first on Check Point Research.

A new malware delivery campaign has hit ClawHub, the official online repository for “skills” that augment the capabilities of the popular OpenClaw AI agent. Unlike previous ones, this campaign does not aim to trick users into downloading a bogus, malicious skill. Instead, the threat actor is leaving this particular comment on popular legitimate skills published by others: The malicious troubleshooting comment “At first glance, this appears to be a troubleshooting suggestion. It is not. It … More →

The post Fake troubleshooting tip on ClawHub leads to infostealer infection appeared first on Help Net Security.

PayPal has confirmed a data leak in its Working Capital loan system that exposed names, dates of birth, and Social Security numbers for six months.

A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. Impacted is the function modify_add_client_prio of the component formSetClientPrio CGI Handler. Performing a manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2025-69700. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, was found in Dell Repository Manager up to 3.4.7. This issue affects some unknown processing. Such manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2026-21420. An attack has to be approached locally. There is no exploit available. You should upgrade the affected component.

荷兰国防部副部长 Gijs Tuinman 透露，F-35 能被越狱安装第三方软件，就像以前的 iPhone。他没有透露多少越狱细节。F-35 战斗机包含了云端组件 ALIS/ODIN network，它除了用于处理软件更新和后勤数据外，还被用于在执行任务前上传高度敏感的任务数据，在任务结束后下载情报等数据。采购 F-35 战斗机的美国盟友中，只有以色列允许安装自己开发的软件，允许在 ALIS/ODIN network 之外操作战斗机。其它国家的 F-35 高度依赖于美国的维护和后勤保障体系，因此越狱可能会导致美国停止维护，最终导致战斗机无法正常工作。

Submit #756245 / VDB-200024