Aggregator

A vulnerability was found in Gotenberg up to 8.30.1. It has been declared as critical. This vulnerability affects unknown code of the component Metadata Write Endpoint. Executing a manipulation can lead to argument injection. This vulnerability appears as CVE-2026-40281. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability was found in Netty up to 4.1.132.Final/4.2.12.Final. It has been classified as problematic. This affects the function setUri of the component HTTP Request Handler. Performing a manipulation results in crlf injection. This vulnerability is reported as CVE-2026-41417. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in lxc incus up to 6.x and classified as problematic. Affected by this issue is the function srcBackup.Config.VolumeSnapshots. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-40197. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in open-telemetry opentelemetry-dotnet up to 1.15.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Zipkin Exporter Remote Endpoint. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2026-41310. Remote exploitation of the attack is possible. No exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in lxc incus up to 6.x. Affected is an unknown function. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-40195. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in open-telemetry opentelemetry-dotnet-contrib up to 1.15.0-beta.1. This impacts the function AzureVmMetaDataRequestor of the component Response Body Handler. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-41483. The attack may be initiated remotely. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical was found in lxc incus up to 6.x. This affects an unknown function of the component OVN Endpoint. Executing a manipulation can lead to improper certificate validation. This vulnerability is tracked as CVE-2026-40243. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Почему сисадмины по всему миру просто пропустили момент вторжения?

A vulnerability classified as problematic has been found in open-telemetry opentelemetry-dotnet-contrib up to 1.15.0. The impacted element is the function HttpJsonPostTransport. Performing a manipulation results in allocation of resources. This vulnerability is identified as CVE-2026-41484. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in PHPOffice PhpSpreadsheet up to 1.30.3/2.1.15/2.4.4/3.10.4/5.6.0. The affected element is an unknown function of the component Placeholder Handler. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-40296. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

Distributed Denial of Service (DDoS) campaign targeted a large-scale user-generated content platform, unleashing over 2.45 billion malicious requests in just five hours. Rather than relying on brute-force methods, the attackers distributed traffic across 1.2 million unique IP addresses. This structural shift exposed a fundamental weakness in traditional rate-limiting defenses. By keeping individual IP request rates extremely […]

The post Massive 2.45B-Request DDoS Attack Used 1.2 Million IPs to Evade Rate Limits appeared first on Cyber Security News.

A CVSS score 7.3 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N severity vulnerability discovered by 'Vladislav Berghici of TrendAI Research' was reported to the affected vendor on: 2026-05-07, 43 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Adam Babis' was reported to the affected vendor on: 2026-05-07, 43 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.6 AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Meshaal (@unrealmesh)' was reported to the affected vendor on: 2026-05-07, 43 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-05-07, 43 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-05-07, 43 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.3 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Peter Gabaldon (https://x.com/PedroGabaldon)' was reported to the affected vendor on: 2026-05-07, 43 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-05-07, 43 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Charbel F.' was reported to the affected vendor on: 2026-05-07, 43 days ago. The vendor is given until 2026-09-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability marked as problematic has been reported in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2. Impacted is the function createBundle of the file csettings.cfc. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2026-40326. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.