Aggregator

CVE-2026-39828 | x-crypto up to 0.51.x on Go SSH Authentication Call authorization (Nessus ID 316591 / WID-SEC-2026-1653)

Vuldb Updates
6 days 16 hours ago
A vulnerability has been found in x-crypto up to 0.51.x on Go and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SSH Authentication Call Handler. The manipulation leads to incorrect authorization. This vulnerability is listed as CVE-2026-39828. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-42500 | x-image-bmp up to 0.40.x on Go BMP File array index (EUVD-2026-33419 / Nessus ID 318019)

Vuldb Updates
6 days 16 hours ago
A vulnerability classified as critical was found in x-image-bmp up to 0.40.x on Go. The impacted element is an unknown function of the component BMP File Handler. The manipulation results in improper validation of array index. This vulnerability is cataloged as CVE-2026-42500. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-33809 | x-image up to 0.37.x on Go TIFF File Parser resource consumption (Nessus ID 303764 / WID-SEC-2026-1653)

Vuldb Updates
6 days 16 hours ago
A vulnerability was found in x-image up to 0.37.x on Go. It has been declared as problematic. This affects an unknown part of the component TIFF File Parser. Such manipulation leads to resource consumption. This vulnerability is documented as CVE-2026-33809. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-55204 | HAProxy up to 3.4.0 Dynamic Table src/hpack-tbl.c hpack_dht_insert null pointer dereference (EUVD-2026-37906 / WID-SEC-2026-2012)

Vuldb Updates
6 days 16 hours ago
A vulnerability marked as problematic has been reported in HAProxy up to 3.4.0. Affected by this vulnerability is the function hpack_dht_insert of the file src/hpack-tbl.c of the component Dynamic Table Handler. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-55204. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

INC Ransomware Uses Rust-Based Windows and Linux/ESXi Encryptors in New Attacks

Cyber Security News
6 days 17 hours ago

INC ransomware has grown from a newcomer threat into one of the most dangerous ransomware operations worldwide. What began as an emerging criminal group in mid-2023 has claimed over 800 victims globally, placing it among the top ransomware groups this year. The group runs under a Ransomware-as-a-Service model, recruiting affiliates and supplying them with ready-built […]

The post INC Ransomware Uses Rust-Based Windows and Linux/ESXi Encryptors in New Attacks appeared first on Cyber Security News.

Tushar Subhra Dutta

CISA Urges Hardening Fortinet Devices Following FortiBleed Attack

Cyber Security News
6 days 17 hours ago

CISA has issued an urgent advisory warning organizations to secure their Fortinet devices following reports of a large-scale credential exposure campaign known as “FortiBleed.” The alert comes after threat actors were found exploiting compromised credentials linked to tens of thousands of internet-facing Fortinet systems worldwide. According to CISA, the FortiBleed activity involves leaked credentials associated […]

The post CISA Urges Hardening Fortinet Devices Following FortiBleed Attack appeared first on Cyber Security News.

Abinaya

CVE-2026-12003 | Python CPython up to 3.14.x on Windows Installation Directory Modules/setup.local VPATH uncontrolled search path (ID 151544 / Nessus ID 321379)

Vuldb Updates
6 days 17 hours ago
A vulnerability, which was classified as problematic, was found in Python CPython up to 3.14.x on Windows. This vulnerability affects unknown code of the file Modules/setup.local of the component Installation Directory Handler. The manipulation of the argument VPATH results in uncontrolled search path. This vulnerability is reported as CVE-2026-12003. The attack requires a local approach. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2026-12452 | Google Chrome up to 149.0.7827.115 on Android Downloads use after free (Nessus ID 321381)

Vuldb Updates
6 days 17 hours ago
A vulnerability was found in Google Chrome on Android. It has been declared as critical. This issue affects some unknown processing of the component Downloads. The manipulation results in use after free. This vulnerability is identified as CVE-2026-12452. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-12456 | Google Chrome up to 149.0.7827.115 Extensions cross-domain policy (Nessus ID 321380)

Vuldb Updates
6 days 17 hours ago
A vulnerability, which was classified as problematic, has been found in Google Chrome. This affects an unknown function of the component Extensions. This manipulation causes permissive cross-domain policy with untrusted domains. This vulnerability appears as CVE-2026-12456. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

Managed ad