Aggregator

Submit #807693 / VDB-360921

A vulnerability was found in justdan96 tsMuxer up to 2.7.0. It has been rated as problematic. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the argument track_id causes denial of service. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2026-7739. The attack requires local access. In addition, an exploit is available.

A vulnerability identified as critical has been detected in tsMuxer 2.6.16. This affects the function HevcSpsUnit::short_term_ref_pic_set of the file hevc.cpp. This manipulation causes heap-based buffer overflow. This vulnerability is registered as CVE-2021-35346. The attack requires access to the local network. No exploit is available. Applying a patch is the recommended action to fix this issue.

Currently trending CVE - Hype Score: 1 - IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations ...

Currently trending CVE - Hype Score: 1 - IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources.

Currently trending CVE - Hype Score: 1 - ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

Submit #807697 / VDB-360920

Submit #807696 / VDB-360919

Submit #807695 / VDB-360918

Submit #807694 / VDB-360917

Submit #807692 / VDB-360916

Submit #807651 / VDB-360915

Submit #807650 / VDB-212561

Submit #807649 / VDB-194035

Submit #807648 / VDB-194035

Submit #807647 / VDB-360914

Microsoft Defender triggered widespread false positive alerts after a faulty security update caused it to flag two legitimate DigiCert root certificates as malicious, potentially disrupting SSL/TLS validation and code-signing operations across enterprise environments worldwide. A Defender antimalware signature update released around April 30, 2026, introduced a detection labeled Trojan:Win32/Cerdigent.A!dha, which incorrectly identified registry entries belonging […]

The post Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware appeared first on Cyber Security News.

A vulnerability was found in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc1. It has been declared as critical. Affected by this vulnerability is the function dvb_dvr_open of the component dvb-core. Such manipulation leads to improper initialization. This vulnerability is referenced as CVE-2026-23253. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.4.11. Impacted is the function csa_va of the component amdgpu. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2023-53545. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in puchunjie doc-tools-mcp 1.0.18. It has been declared as critical. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. This vulnerability is reported as CVE-2026-7738. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.