Aggregator

CVE-2026-45717 | budibase up to 3.38.0 Read Endpoint :datasourceId authorization

VulDB Recent Entries
3 days 9 hours ago
A vulnerability classified as critical was found in budibase up to 3.38.0. Affected is an unknown function of the file /api/datasources/:datasourceId of the component Read Endpoint. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-45717. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

Hackers Push 22 Versions of npm RAT With Wallet Theft and Persistent Backdoor

Cyber Security News
3 days 9 hours ago

A malicious npm package called forge-jsxy has been quietly stealing cryptocurrency wallet keys, browser credentials, and sensitive developer data across Windows, macOS, and Linux systems. Published to the npm registry on May 4, 2026, it pushed out 22 versions in 22 days, making it one of the most actively developed pieces of malware seen on […]

The post Hackers Push 22 Versions of npm RAT With Wallet Theft and Persistent Backdoor appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-44345 | BentoML up to 1.4.38 base_v2.j2 docker.base_image os command injection

VulDB Recent Entries
3 days 9 hours ago
A vulnerability described as critical has been identified in BentoML up to 1.4.38. This affects an unknown function of the file src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2. The manipulation of the argument docker.base_image results in os command injection. This vulnerability is reported as CVE-2026-44345. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-5509 | TP-Link Archer BE7200 V1/Archer BE450 v1 Web Management Interface input validation (EUVD-2026-32611)

VulDB Recent Entries
3 days 9 hours ago
A vulnerability marked as critical has been reported in TP-Link Archer BE7200 V1 and Archer BE450 v1. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to improper input validation. This vulnerability is documented as CVE-2026-5509. The attack requires being on the local network. There is not any exploit available.
vuldb.com

CVE-2026-44460 | error311 FileRise up to 3.11.x /api/totp_setup.php information disclosure

VulDB Recent Entries
3 days 9 hours ago
A vulnerability labeled as problematic has been found in error311 FileRise up to 3.11.x. The affected element is an unknown function of the file /api/totp_setup.php. Executing a manipulation can lead to information disclosure. This vulnerability is registered as CVE-2026-44460. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2025-69600 | Raynet rvia 12.6.4392.49-amd64.deb Find Command Query URL command injection

VulDB Recent Entries
3 days 9 hours ago
A vulnerability identified as critical has been detected in Raynet rvia 12.6.4392.49-amd64.deb. Impacted is an unknown function of the component Find Command Query. Performing a manipulation of the argument URL results in command injection. This vulnerability is cataloged as CVE-2025-69600. The attack must be initiated from a local position. There is no exploit available.
vuldb.com

Managed ad