Aggregator

CVE-2026-47333 | Canonical Ubuntu Linux 6.8/6.17/7.0 AppArmor out-of-bounds (Nessus ID 321369)

Vuldb Updates
1 week 2 days ago
A vulnerability categorized as critical has been discovered in Canonical Ubuntu Linux 6.8/6.17/7.0. The affected element is an unknown function of the component AppArmor. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-47333. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-47328 | Canonical Ubuntu Linux 6.8/6.17/7.0 AppArmor kmalloc free of memory not on the heap (Nessus ID 321369)

Vuldb Updates
1 week 2 days ago
A vulnerability labeled as problematic has been found in Canonical Ubuntu Linux 6.8/6.17/7.0. Impacted is the function kmalloc of the component AppArmor. Such manipulation leads to free of memory not on the heap. This vulnerability is documented as CVE-2026-47328. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-47329 | Canonical Ubuntu Linux 6.8/6.17/7.0 AppAmor Name improper validation of specified quantity in input (Nessus ID 321369)

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Canonical Ubuntu Linux 6.8/6.17/7.0 and classified as problematic. This affects an unknown part of the component AppAmor. Executing a manipulation of the argument Name can lead to improper validation of specified quantity in input. The identification of this vulnerability is CVE-2026-47329. The attack can only be executed locally. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-47330 | Canonical Ubuntu Linux 6.8/7.0/7.17 AppArmor uninitialized variable (Nessus ID 321369)

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Canonical Ubuntu Linux 6.8/7.0/7.17. It has been classified as problematic. This vulnerability affects unknown code of the component AppArmor. The manipulation leads to use of uninitialized variable. This vulnerability is referenced as CVE-2026-47330. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-47327 | Canonical Ubuntu Linux 6.8/6.17/7.0 AppArmor null pointer dereference (Nessus ID 321369)

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Canonical Ubuntu Linux 6.8/6.17/7.0 and classified as problematic. The impacted element is an unknown function of the component AppArmor Handler. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2026-47327. The attack is only possible with local access. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

Pear

Dark Feed IO
1 week 2 days ago

You must login to view this content

cohenido

Modos 推出 13.3 英寸开源彩色电子纸显示屏

Solidot
1 week 2 days ago
在成功推出开源电子纸显示屏 DIY 工具包 Paper Monitor 和 Dev Kit 后,创业公司 Modos 准备推出一款完整的量产版显示屏。它在 Crowd Supply 上发起了众筹活动,筹款目标是 17.5 万美元,该目标已经达成,目前的金额达到了 45.6 万美元。Crowd Supply 计划推出的是 13.3 英寸、分辨率 3,200 x 2,400,支持触控,刷新率达到 60-Hz 的电子纸显示屏,其中黑白版本的众筹价格是 619 美元,彩色版本价格 719 美元。公司的两位联合创始人 Alexander Soto 和 Wenting Zhang 接受了 IEEE Spectrum 的采访。

CVE-2022-37660 | hostapd up to 2.10 PKEX Code nonce re-use (EUVD-2022-40274 / Nessus ID 218383)

Vuldb Updates
1 week 2 days ago
A vulnerability marked as problematic has been reported in hostapd up to 2.10. Affected by this issue is some unknown functionality of the component PKEX Code. The manipulation leads to reusing a nonce. This vulnerability is traded as CVE-2022-37660. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2020-1745 | Undertow up to 2.0.29.Final/2.0.30.Final AJP Connector improper authorization (EUVD-2022-4009)

Vuldb Updates
1 week 2 days ago
A vulnerability has been found in Undertow up to 2.0.29.Final/2.0.30.Final and classified as critical. This issue affects some unknown processing of the component AJP Connector. Performing a manipulation results in improper authorization. This vulnerability is identified as CVE-2020-1745. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2022-37609 | beautify-web js-beautify 1.13.7 options.js Name prototype pollution (Issue 2106 / EUVD-2022-40230)

Vuldb Updates
1 week 2 days ago
A vulnerability marked as critical has been reported in beautify-web js-beautify 1.13.7. This affects an unknown part of the file options.js. The manipulation of the argument Name leads to improperly controlled modification of object prototype attributes. This vulnerability is documented as CVE-2022-37609. The attack requires being on the local network. There is not any exploit available.
vuldb.com

CVE-2022-37462 | Cisco Upstream Works Agent Desktop for Cisco Finesse up to 4.2.12/5.0 File Upload AttachmentId cross site scripting (EUVD-2022-40087)

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Cisco Upstream Works Agent Desktop for Cisco Finesse up to 4.2.12/5.0 and classified as problematic. This affects an unknown function of the component File Upload Handler. Executing a manipulation of the argument AttachmentId can lead to cross site scripting. This vulnerability is handled as CVE-2022-37462. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

Webinar: How attackers bypass MFA and how defenders can respond

Bleeping Computer.
1 week 2 days ago
Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. [...]
BleepingComputer

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware

Help Net Security
1 week 2 days ago

A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as tools designed to help users make money. The offerings included cryptocurrency sniper bots and gambling “predictors” that claimed to identify winning opportunities before other traders or forecast the outcome of online betting games. Instead of quick … More →

The post Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware appeared first on Help Net Security.

Sinisa Markovic

Hackers Abuse Third-Party Okendo Reviews Script to Spread SmartApeSG Malware Campaign

Cyber Security News
1 week 2 days ago

A newly discovered supply chain attack has put thousands of e-commerce websites at risk after a popular third-party reviews widget was quietly turned into a malware delivery tool. Threat actors behind the SmartApeSG campaign injected malicious JavaScript into the Okendo Reviews widget, a platform trusted by more than 18,000 brands worldwide, to push malware to […]

The post Hackers Abuse Third-Party Okendo Reviews Script to Spread SmartApeSG Malware Campaign appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-8296 | Octopus Deploy Octopus Server up to 2025.4.10677/2026.1.11450/2026.2.13113 cross site scripting (EUVD-2026-38000)

VulDB Recent Entries
1 week 2 days ago
A vulnerability has been found in Octopus Deploy Octopus Server up to 2025.4.10677/2026.1.11450/2026.2.13113 and classified as problematic. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-8296. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2026-34192 | Imagination Graphics DDK up to 1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM GPU Page use after free (EUVD-2026-38001)

VulDB Recent Entries
1 week 2 days ago
A vulnerability, which was classified as critical, was found in Imagination Graphics DDK up to 1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM. The impacted element is an unknown function of the component GPU Page. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2026-34192. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

Managed ad