Aggregator

Submit #780836 / VDB-347489

A vulnerability, which was classified as critical, was found in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2026-5331. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. This vulnerability was named CVE-2026-5330. The attack may be initiated remotely. In addition, an exploit is available.

Submit #780814 / VDB-354665

Submit #780734 / VDB-354664

Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist […]

A vulnerability classified as problematic was found in VertiGIS FM up to 10.13.402. Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-3877. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in VertiGIS FM up to 10.11.362. Affected is an unknown function. This manipulation causes externally controlled reference. This vulnerability is handled as CVE-2026-0522. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Corosync. This impacts an unknown function of the component UDP Packet Handler. The manipulation results in integer overflow. This vulnerability is known as CVE-2026-35092. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as critical has been reported in Corosync. This affects an unknown function of the component UDP Packet Handler. The manipulation leads to incorrect check of function return value. This vulnerability is traded as CVE-2026-35091. It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

Охота на призраков Вселенной началась в Канаде.

A vulnerability labeled as critical has been found in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing a manipulation of the argument sidx/sort can lead to sql injection. This vulnerability appears as CVE-2026-5328. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. A patch should be applied to remediate this issue.

Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration

Submit #780789 / VDB-354659

Submit #780776 / VDB-354658

Exabeam has announced the expansion of Exabeam Agent Behavior Analytics (ABA). Without direct visibility into how employees use AI assistants, what they query, what data they share, how frequently they interact, and from where, organizations cannot establish a baseline for normal AI behavior, investigate potential misuse, or detect emerging agentic insider threats. New support to detect agent behavior in OpenAI ChatGPT and Microsoft Copilot, alongside existing visibility into Google Gemini, transforms these agentic services into … More →

The post Exabeam expands ABA to detect AI agent threats across ChatGPT, Copilot, and Gemini appeared first on Help Net Security.

Submit #780773 / VDB-354657

Submit #780766 / VDB-354656

Submit #780752 / VDB-354655

Artificial intelligence agents are rapidly becoming integral to enterprise workflows, but they also introduce new attack surfaces. Security researchers recently uncovered a significant vulnerability within Google Cloud Platform’s Vertex AI Agent Engine. By exploiting default permission scoping, attackers could weaponize deployed AI agents into “double agents” that secretly exfiltrate data and compromise cloud infrastructure. Exploiting […]

The post Google Cloud’s Vertex AI platform Vulnerability Allow Attackers to Access Sensitive Data appeared first on Cyber Security News.