Aggregator

A vulnerability labeled as critical has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. This vulnerability was named CVE-2026-7713. The attack may be performed from remote. In addition, an exploit is available. The affected component should be upgraded.

Submit #807542 / VDB-236685

Submit #807105 / VDB-360892

DeepSeek V4 是迄今为止在 CAISI 评估的各个领域（网络安全、软件工程、自然科学、抽象推理和数学）中性能最强的 PRC 模型。CAISI 在上述五个领域

Submit #806913 / VDB-360891

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs directly. Listed tasks include attending in-person meetings, photographing locations, delivering items, … More →

The post Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months appeared first on Help Net Security.

Security leadership is often associated with emerging threats and advanced technologies, but much of the role comes down to disciplined execution, thoughtful decision-making, and balancing protection with business continuity. In CISO Diaries, we speak with leading CISOs around the world to understand what the role actually looks like beyond frameworks and incident headlines, how security […]

The post CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense appeared first on CISO Whisperer.

The post CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense appeared first on Security Boulevard.

Security leadership is often associated with emerging threats and advanced technologies, but muc

Submit #806468 / VDB-360890

Submit #806403 / VDB-360889

Table of ContentsTproxyNATTproxyTProxy (Transparent Proxy)NATNAT (Network Address Trans

A vulnerability identified as critical has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2026-7712. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. This vulnerability is handled as CVE-2026-7711. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in YunaiV yudao-cloud up to 3.8.0. It has been rated as critical. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. This vulnerability is known as CVE-2026-7710. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #806827 / VDB-360888

Submit #806822 / VDB-360887

A vulnerability was found in janeczku Calibre-Web up to 0.6.26. It has been declared as critical. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. This vulnerability is traded as CVE-2026-7709. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #806493 / VDB-360886

Submit #805823 / VDB-360885

A vulnerability was found in Open5GS up to 2.7.7. It has been classified as problematic. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supi_id causes denial of service. This vulnerability appears as CVE-2026-7708. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.