Aggregator

A vulnerability classified as critical has been found in dedoc scramble up to 0.13.21. This issue affects some unknown processing. Performing a manipulation results in code injection. This vulnerability is identified as CVE-2026-44262. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in EspoCRM up to 9.3.3. This affects the function HostCheck::isNotInternalHost of the file /api/v1/Attachment/fromImageUrl. This manipulation causes server-side request forgery. This vulnerability is handled as CVE-2026-33534. The attack can be initiated remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

Fortinet has disclosed a critical authentication bypass affecting FortiClient Endpoint Management Server (EMS).

Это первый шаг к сети из нескольких квантовых компьютеров, соединённых обычным кабелем.

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. "The vulnerability allows any authenticated user to achieve remote code execution (RCE) on

Купили мощную видеокарту? Злоумышленникам это точно понравится.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to EnVisite, a French platform for real-estate virtual tours used by agents to create and share interactive property presentations.

New York, USA, 28th May 2026, CyberNewswire

A vulnerability labeled as critical has been found in Apache Artemis Stomp Protocol and ActiveMQ Artemis Stomp Protocol. This vulnerability affects unknown code of the component STOMP Protocol Handler. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-40914. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Mennekes Amtron up to 5.22.3. This impacts an unknown function of the component POST Request Handler. Executing a manipulation can lead to improper privilege management. This vulnerability is registered as CVE-2026-8980. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in bzip2 up to 1.0.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the component bzip2recover. The manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2026-42250. The attack requires a local approach. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Roundcube Webmail up to 1.6.15/1.7.0. Impacted is an unknown function. The manipulation results in incomplete blacklist. This vulnerability is identified as CVE-2026-9818. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Mennekes Amtron up to 5.22.3. This affects an unknown function of the file /operator/operator of the component POST Request Handler. Performing a manipulation results in improper authentication. This vulnerability is cataloged as CVE-2026-8979. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in View Concept Kidsview up to 4.4.2. It has been declared as critical. This affects an unknown part of the component Push Notification Handler. Such manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2026-8990. The attack can be executed directly on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

Готовы услышать самый странный климатический прогноз в вашей жизни?

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Figaro Immobilier / Explorimmo, a French real-estate platform offering property listings for sale, rent, and vacation stays.

A threat actor using the alias xMetah claims to be selling a database allegedly belonging to Resana, a French government collaboration platform hosted on the state's numerique.gouv.fr domain.