Aggregator

A vulnerability labeled as problematic has been found in x-crypto up to 0.51.x. The impacted element is an unknown function. The manipulation results in integer overflow. This vulnerability is known as CVE-2026-39834. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

Positive Technologies нашла уязвимость AMD, которая могла дать атакующим почти полный контроль над устройством.

A vulnerability was found in ThingsBoard up to 4.3.1.1. It has been classified as critical. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. The identification of this vulnerability is CVE-2026-9568. It is possible to initiate the attack remotely. There is no exploit available. The project was informed of the problem early through a pull request but has not reacted yet.

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

Submit #817064 / VDB-365630

A vulnerability was found in GPAC up to 2.4.0 and classified as problematic. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-9567. The attack needs to be approached locally. In addition, an exploit is available. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in teableio teable up to 1.9.x and classified as problematic. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-9566. The attack is possible to be carried out remotely. Moreover, an exploit is present. The affected component should be upgraded. The vendor confirms: "The default branch of teableio/teable is develop, and the reported login redirect issue has already been fixed there. The login redirect flow now validates the redirect parameter with isValidRedirectPath() before navigation, which blocks javascript:, data:, and cross-origin redirects."

Submit #816075 / VDB-365629

Submit #815798 / VDB-365628

A newly disclosed security issue in Memcached has raised concerns after developers confirmed a timing side-channel vulnerability in its SASL authentication mechanism that could allow attackers to infer valid usernames, now tracked as CVE‑2026‑47783. The flaw was addressed in the recently released Memcached version 1.6.42, a security-focused update that fixes multiple critical bugs affecting stability […]

The post Critical Memcached SASL Vulnerability Let Attackers Infer Valid Usernames appeared first on Cyber Security News.

360为智能体产业高质量发展夯实人才基础

Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from Shareoint deserializing untrusted data, and may be exploited by an authenticated attacker to execute code remotely on a vulnerable SharePoint Server instance – no user interaction required. “The attack complexity is Low (AC:L) because … More →

The post High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2026-9565. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A newly disclosed vulnerability in Apache CXF, tracked as CVE-2026-44930, is raising concerns among enterprise users relying on its XKMS (XML Key Management Specification) services. The flaw, classified as an important severity issue, affects the LDAP-based certificate repository component and could allow attackers to retrieve arbitrary digital certificates from vulnerable systems. Apache CXF is widely […]

The post Apache CXF LDAP Injection Vulnerability Let Attacker Retrieve Arbitrary Certificates appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Performing a manipulation of the argument Remarks results in cross site scripting. This vulnerability is known as CVE-2026-9564. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical was found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-9562. The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.

Submit #815713 / VDB-365627

ConnectWise has disclosed a high-impact security vulnerability in its Automate platform that could allow attackers to bypass critical security checks and execute malicious code under specific conditions. The flaw, tracked as CVE-2026-9089, affects versions of ConnectWise Automate before 2026.5 and has been assigned a CVSS score of 8.8, highlighting its potential severity in managed service […]

The post ConnectWise Automate Vulnerability Let Attackers Bypass Security Checks appeared first on Cyber Security News.