Aggregator

CVE-2026-21856 | the-hideout tarkov-data-manager up to 2.0.0 API Endpoint sql injection (GHSA-4gcx-ghwc-rc78)

Vuldb Updates
4 months 1 week ago
A vulnerability marked as critical has been reported in the-hideout tarkov-data-manager up to 2.0.0. The affected element is an unknown function of the component API Endpoint Handler. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-21856. The attack is possible to be carried out remotely. No exploit exists. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2025-58441 | KnowageLabs Knowage-Server up to 8.1.36 server-side request forgery (GHSA-m6x8-wh9v-6jxp)

Vuldb Updates
4 months 1 week ago
A vulnerability described as critical has been identified in KnowageLabs Knowage-Server up to 8.1.36. This affects an unknown part. Executing a manipulation can lead to server-side request forgery. This vulnerability is handled as CVE-2025-58441. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-21855 | the-hideout tarkov-data-manager up to 2.0.0 URL cross site scripting (GHSA-9c23-rrg9-jc89)

Vuldb Updates
4 months 1 week ago
A vulnerability has been found in the-hideout tarkov-data-manager up to 2.0.0 and classified as problematic. The impacted element is an unknown function of the component URL Handler. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-21855. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-23840 | leepeuker movary up to 0.69.x categoryDeleted input validation (GHSA-pj3m-gmq8-2r57 / EUVD-2026-3301)

Vuldb Updates
4 months 1 week ago
A vulnerability was found in leepeuker movary up to 0.69.x. It has been declared as critical. This vulnerability affects unknown code. Executing a manipulation of the argument categoryDeleted can lead to improper input validation. This vulnerability is tracked as CVE-2026-23840. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

Security Is Shifting From Prevention to Resilience

Security Boulevard
4 months 1 week ago

Dan Cole, senior vice president of product management at Sophos, unpacks how cybersecurity strategy is shifting from a prevention-first mindset toward resilience and response. Cole traces his career from the early days of mass malware outbreaks like Melissa and ILOVEYOU through today’s environment of nation-state actors, AI-assisted attacks, and sprawling hybrid workforces. While the tools..

The post Security Is Shifting From Prevention to Resilience appeared first on Security Boulevard.

Alan Shimel

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

The Hackers News
4 months 1 week ago
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by
The Hacker News

Hackers Exploiting React Native’s Metro Server in the Wild to Attack Developers

Cyber Security News
4 months 1 week ago

Threat actors are actively exploiting a critical remote code execution vulnerability in React Native’s Metro Development Server to deliver advanced malware payloads across Windows and Linux systems. VulnCheck’s Canary honeypot network first detected operational exploitation of CVE-2025-11953 dubbed “Metro4Shell” on December 21, 2025, with continued attacks observed in January 2026, yet the vulnerability remains largely […]

The post Hackers Exploiting React Native’s Metro Server in the Wild to Attack Developers appeared first on Cyber Security News.

Guru Baran

Managed ad