Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 6.19.9. This affects the function gpiod_set_value in the library drivers/gpio/gpiolib.c of the component NFC. Executing a manipulation can lead to privilege escalation. This vulnerability is registered as CVE-2026-31545. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Linux Kernel up to 6.19.9. This vulnerability affects the function bond_debug_rlb_hash_show of the file bond_alb.c of the component net. The manipulation of the argument slave leads to null pointer dereference. This vulnerability is documented as CVE-2026-31546. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.19.9. This issue affects the function ccs_mode_store. The manipulation results in privilege escalation. This vulnerability is reported as CVE-2026-31547. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.19/6.19.9. Affected by this issue is the function __scmi_event_handler_get_ops of the component arm_scmi. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-31544. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.19/6.19.9 and classified as critical. This affects the function read_key_from_user_keying of the component crash_dump. Executing a manipulation can lead to information exposure through debug log file. This vulnerability is handled as CVE-2026-31543. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.19/6.19.9. The affected element is the function update_marker_trace of the file /sys/kernel/tracing/trace_marker. Such manipulation leads to use after free. This vulnerability is traded as CVE-2026-31541. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.129/6.12.77/6.18.19/6.19.9 and classified as critical. The impacted element is an unknown function. Performing a manipulation results in allocation of resources. This vulnerability is known as CVE-2026-31542. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A well-known Iranian threat group has found a new way to push malware onto people’s machines. Instead of sending phishing emails, the group built a fake website that impersonated a real database software download page and used search engine tricks to rank it near the top of results. Anyone who searched for the tool online […]

The post Iranian APT Uses SEO Poisoning to Deliver Fake SQL Developer Malware Installer appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin_version results in os command injection. This vulnerability is cataloged as CVE-2026-9515. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is directly passed by the attacker/so we can control the NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop leads to os command injection. This vulnerability is listed as CVE-2026-9514. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as critical was found in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. This vulnerability is tracked as CVE-2026-9513. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. This vulnerability is identified as CVE-2026-9512. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. This vulnerability is referenced as CVE-2026-9511. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in Extro Responsive Portfolio 1.6.1 on Joomla. Affected by this issue is some unknown functionality of the component POST Request Handler. This manipulation of the argument filter_type_id/filter_pid_id/filter_search causes sql injection. The identification of this vulnerability is CVE-2018-25381. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as problematic has been found in benoitc hackney up to 4.0.0. Affected by this vulnerability is an unknown functionality of the component Housekeeping Message Handler. The manipulation results in resource consumption. This vulnerability was named CVE-2026-47077. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in benoitc hackney up to 4.0.0. Affected is an unknown function of the file src/hackney_ws.erl. The manipulation of the argument frag_buffer leads to resource consumption. This vulnerability is uniquely identified as CVE-2026-47073. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in benoitc hackney up to 4.0.0. This impacts an unknown function of the file src/hackney_url.erl of the component URL Parser. Executing a manipulation can lead to allocation of resources. This vulnerability is handled as CVE-2026-47067. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Extro eXtroForms 2.1.5 on Joomla. It has been rated as critical. This affects an unknown function. Performing a manipulation of the argument filter_type_id/filter_pid_id/filter_search results in sql injection. This vulnerability is known as CVE-2018-25380. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Admidio 3.3.5. It has been declared as problematic. The impacted element is an unknown function of the file roles_function.php. Such manipulation of the argument rol_assign_roles/rol_approve_users/rol_edit_user leads to cross-site request forgery. This vulnerability is traded as CVE-2018-25370. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Softneta MedDream PACS Server Premium 6.7.1.1. It has been classified as critical. The affected element is an unknown function of the file nocache.php. This manipulation of the argument path causes path traversal. This vulnerability appears as CVE-2018-25374. The attack may be initiated remotely. In addition, an exploit is available.