Aggregator
CVE-2022-2978 | Linux Kernel NILFS File System inode.c security_inode_alloc use after free (EUVD-2022-35199 / Nessus ID 236648)
1 day 16 hours ago
A vulnerability, which was classified as critical, was found in Linux Kernel. The impacted element is the function security_inode_alloc of the file inode.c of the component NILFS File System Handler. Such manipulation leads to use after free.
This vulnerability is traded as CVE-2022-2978. The attack may be launched remotely. There is no exploit available.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2022-2977 | Linux Kernel TPM Device use after free (EUVD-2022-35198)
1 day 16 hours ago
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this vulnerability is an unknown functionality of the component TPM Device Handler. This manipulation causes use after free.
This vulnerability is registered as CVE-2022-2977. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2022-2975 | Avaya Aura Application Enablement Services up to 8.1.3.4/10.1.0.1 privileges management (EUVD-2022-35196)
1 day 16 hours ago
A vulnerability categorized as critical has been discovered in Avaya Aura Application Enablement Services up to 8.1.3.4/10.1.0.1. This affects an unknown function. Such manipulation leads to improper privilege management.
This vulnerability is listed as CVE-2022-2975. The attack must be carried out locally. There is no available exploit.
vuldb.com
Erlang security advisory (AV26-522)
1 day 17 hours ago
Canadian Centre for Cyber Security
VaultJacking Attack Steals Entire Google Password Manager Vault With One Captured PIN
1 day 17 hours ago
A new phishing technique called VaultJacking has emerged, and it is raising serious alarms across the cybersecurity community. With just a single captured 6-digit PIN, an attacker can walk away with an entire Google Password Manager vault, including every saved password and passkey stored inside. This is not a theoretical risk, as it is a […]
The post VaultJacking Attack Steals Entire Google Password Manager Vault With One Captured PIN appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2026-44262 | dedoc scramble up to 0.13.21 code injection (EDB-52582)
1 day 17 hours ago
A vulnerability classified as critical has been found in dedoc scramble up to 0.13.21. This issue affects some unknown processing. Performing a manipulation results in code injection.
This vulnerability is identified as CVE-2026-44262. The attack can be initiated remotely. Additionally, an exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-33534 | EspoCRM up to 9.3.3 fromImageUrl isNotInternalHost server-side request forgery (EDB-52583)
1 day 17 hours ago
A vulnerability, which was classified as critical, has been found in EspoCRM up to 9.3.3. This affects the function HostCheck::isNotInternalHost of the file /api/v1/Attachment/fromImageUrl. This manipulation causes server-side request forgery.
This vulnerability is handled as CVE-2026-33534. The attack can be initiated remotely. Additionally, an exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
One Forged Header: Unauthenticated Authentication Bypass in Fortinet FortiClient EMS (CVE-2026-35616)
1 day 17 hours ago
Fortinet has disclosed a critical authentication bypass affecting FortiClient Endpoint Management Server (EMS).
Dark Web Informer
Physicists teleported quantum states at an extreme temperature and beat the classical limit
1 day 17 hours ago
This is the first step toward a network of several quantum computers connected by an ordinary cable.
Hackers exploit FortiClient EMS flaw to push infostealer malware
1 day 17 hours ago
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]
Bill Toulas
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
1 day 17 hours ago
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions.
The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier.
"The vulnerability allows any authenticated user to achieve remote code execution (RCE) on
The Hacker News
CrystalDiskInfo, FurMark and DDU: all fake. Microsoft warned of an unusual attack on gamers
1 day 17 hours ago
Bought a powerful graphics card? Attackers will certainly like that.
French Real-Estate Tour Platform EnVisite Hit by Alleged 138K-Record Leak
1 day 17 hours ago
A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to EnVisite, a French platform for real-estate virtual tours used by agents to create and share interactive property presentations.
Dark Web Informer
The CISO Whisperer’s Watch List For The Gartner Security & Risk Management Summit 2026
1 day 18 hours ago
New York, USA, 28th May 2026, CyberNewswire
CyberNewswire
AI Security Gateway: The Necessity and Practical Path of Unified Enterprise Access, Security Protection and Data Security
1 day 18 hours ago
易安联零信任
CVE-2026-40914 | Apache Artemis Stomp Protocol STOMP Protocol authorization (EUVD-2026-32894)
1 day 18 hours ago
A vulnerability labeled as critical has been found in Apache Artemis Stomp Protocol and ActiveMQ Artemis Stomp Protocol. This vulnerability affects unknown code of the component STOMP Protocol Handler. Executing a manipulation can lead to incorrect authorization.
The identification of this vulnerability is CVE-2026-40914. The attack may be launched remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-8980 | Mennekes Amtron up to 5.22.3 POST Request privileges management (EUVD-2026-32897)
1 day 18 hours ago
A vulnerability, which was classified as critical, was found in Mennekes Amtron up to 5.22.3. This impacts an unknown function of the component POST Request Handler. Executing a manipulation can lead to improper privilege management.
This vulnerability is registered as CVE-2026-8980. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-42250 | bzip2 up to 1.0.8 bzip2recover out-of-bounds write (EUVD-2026-32898)
1 day 18 hours ago
A vulnerability was found in bzip2 up to 1.0.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the component bzip2recover. The manipulation results in out-of-bounds write.
This vulnerability is reported as CVE-2026-42250. The attack requires a local approach. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-9818 | Roundcube Webmail up to 1.6.15/1.7.0 incomplete blacklist (EUVD-2026-32893)
1 day 18 hours ago
A vulnerability described as critical has been identified in Roundcube Webmail up to 1.6.15/1.7.0. Impacted is an unknown function. The manipulation results in incomplete blacklist.
This vulnerability is identified as CVE-2026-9818. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com