Aggregator

A vulnerability classified as critical was found in Irfanview 4.62. Affected is an unknown function of the component JPEG 2000 File Handler. Executing manipulation can lead to memory corruption. This vulnerability appears as CVE-2023-26974. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in TOTOLINK A7100RU 7.4cu.2313_B20191024. Affected by this vulnerability is an unknown functionality of the file /setting/setWanIeCfg of the component Setting Handler. This manipulation of the argument pppoeAcName causes command injection. This vulnerability is tracked as CVE-2023-26978. The attack is only possible within the local network. No exploit exists.

A vulnerability, which was classified as critical, has been found in In Atrocore 1.5.25. The impacted element is the function glyphicon-glyphicon-paperclip of the component Create Import Feed. The manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2023-26968. The attack requires being on the local network. There is not any exploit available.

A vulnerability was found in Atropim 1.5.26 and classified as critical. Affected by this issue is some unknown functionality. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2023-26969. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability has been found in EverShop NPM up to 1.0.0-rc.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation of the argument sortBy leads to cross site scripting. This vulnerability is listed as CVE-2023-46495. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

Vigilance Cyber Security's Moriah Hara on AI Automation and Responsible AI
Mohira Hara, CISO and AI security, risk and governance consultant at Vigilance Cyber Security, says AI is reshaping financial services by accelerating anti-money laundering efforts, automating SOC functions and driving stronger governance frameworks that make CISOs central to managing AI risk.

Documents Will Spotlight 5 Critical Risk Areas, Best Practices for Healthcare AI
The healthcare sector faces an array of complex cyber risk considerations involving artificial intelligence. The Health Sector Coordinating Council is rolling out a series of guidance documents to help these organizations navigate a long list of AI cybersecurity challenges.

CISA Pre-Shutdown Staffing Levels, State Grant Program to Be Restored Under Plan
A congressional funding bill would reverse shutdown-era layoffs at the Cybersecurity and Infrastructure Security Agency and restore the $1B State and Local Cybersecurity Grant Program, temporarily stabilizing the agency’s operations and buying Congress time for long-term reforms.

Legislation Proposes More Regulations for Greater Swath of the UK Economy
The British government introduced Wednesday long-anticipated cybersecurity legislation aimed at tackling disruptive hacks targeting critical national infrastructure. Companies that run afoul of the new regulations could face daily fines that amount to 10% of their global revenue.

Nederland ziet samen met een aantal partnerlanden af van de verwerving van 6 Boeing E-7 Wedgetails. Ze waren in beeld als opvolger van de Boeings E-3A, die nu als Awacs-toestellen worden gebruikt. Deze geavanceerde radarvliegtuigen bewaken vanuit het Duitse Geilenkirchen het Europese luchtruim.

Submit #683404 / VDB-194009

A vulnerability was found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. It has been classified as problematic. This affects an unknown part. This manipulation causes cross-site request forgery. This vulnerability appears as CVE-2025-13119. The attack may be initiated remotely. In addition, an exploit is available.

Submit #683335 / VDB-332324

A vulnerability was found in LibTIFF 4.5.0. It has been declared as critical. This impacts the function uv_encode. Executing manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2023-26966. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability was found in Alteryx Server 2022.1.1.42590. It has been declared as critical. The impacted element is an unknown function of the component File Type Verification Handler. Such manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2023-26961. The attack requires being on the local network. There is not any exploit available.

A vulnerability, which was classified as critical, was found in LibTIFF up to 4.5.0. Affected is the function loadImage of the file tools/tiffcrop.c of the component TIFF Handler. Executing manipulation can lead to use after free. The identification of this vulnerability is CVE-2023-26965. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.

Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon’s threat intelligence researchers spotted an advanced threat actor exploiting two previously undisclosed zero-day flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC to deliver custom malware. Attackers also exploited multiple undisclosed vulnerabilities. Amazon’s […]