Aggregator

CVE-2026-31962 | samtools htslib up to 1.21.0/1.22.1/1.23 cram_decode_seq heap-based overflow (GHSA-xxmp-v7h3-gpwp / EUVD-2026-12923)

Vuldb Updates
2 weeks 5 days ago
A vulnerability classified as critical has been found in samtools htslib up to 1.21.0/1.22.1/1.23. Affected is the function cram_decode_seq. The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2026-31962. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-32611 | nicolargo glances up to 4.5.1 TimescaleDB Export __init__.py sql injection (GHSA-49g7-2ww7-3vf5)

Vuldb Updates
2 weeks 5 days ago
A vulnerability, which was classified as critical, was found in nicolargo glances up to 4.5.1. Impacted is an unknown function of the file glances/exports/glances_duckdb/__init__.py of the component TimescaleDB Export Module. Executing a manipulation can lead to sql injection. This vulnerability appears as CVE-2026-32611. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.
vuldb.com

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

The Hackers News
2 weeks 5 days ago
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on March
The Hacker News

CVE-2026-33400 | ellite Wallos up to 4.6.x Statistics Page payment cross site scripting

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability has been found in ellite Wallos up to 4.6.x and classified as problematic. The affected element is the function payment of the component Statistics Page. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-33400. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-33401 | ellite Wallos up to 4.6.x AI Recommendations Endpoint AI Ollama host server-side request forgery

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability, which was classified as critical, was found in ellite Wallos up to 4.6.x. Impacted is an unknown function of the component AI Recommendations Endpoint. The manipulation of the argument AI Ollama host results in server-side request forgery. This vulnerability is known as CVE-2026-33401. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-33407 | ellite Wallos up to 4.6.x Endpoint search.php HTTP_PROXY/HTTPS_PROXY server-side request forgery

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability, which was classified as critical, has been found in ellite Wallos up to 4.6.x. This issue affects some unknown processing of the file endpoints/logos/search.php of the component Endpoint. The manipulation of the argument HTTP_PROXY/HTTPS_PROXY leads to server-side request forgery. This vulnerability is traded as CVE-2026-33407. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-33399 | ellite Wallos up to 4.6.x Notifications validate_webhook_url_for_ssrf server-side request forgery

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability classified as critical was found in ellite Wallos up to 4.6.x. This vulnerability affects the function validate_webhook_url_for_ssrf of the component Notifications Handler. Executing a manipulation can lead to server-side request forgery. This vulnerability appears as CVE-2026-33399. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

HackerOne Data Breach – Employees Data Stolen Following Navia Hack

Cyber Security News
2 weeks 5 days ago

HackerOne recently disclosed a data breach affecting 287 of its employees following a cyberattack on its U.S. benefits administrator, Navia Benefit Solutions. The breach stemmed from a Broken Object Level Authorization (BOLA) vulnerability in Navia’s API, which exposed the sensitive personal and health information of approximately 2.7 million individuals nationwide. An unknown threat actor exploited […]

The post HackerOne Data Breach – Employees Data Stolen Following Navia Hack appeared first on Cyber Security News.

Guru Baran

CVE-2026-33161 | Craft CMS up to 4.17.7/5.9.13 Endpoint information disclosure

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability classified as problematic has been found in Craft CMS up to 4.17.7/5.9.13. This affects an unknown part of the component Endpoint. Performing a manipulation results in information disclosure. This vulnerability is reported as CVE-2026-33161. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-33340 | ParisNeo lollms-webui up to 8c5dcef63d847bb3d027ec74915d8fe4afd3014e Web User Interface missing authentication (GHSA-mcwr-5469-pxj4)

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability described as critical has been identified in ParisNeo lollms-webui up to 8c5dcef63d847bb3d027ec74915d8fe4afd3014e. Affected by this issue is some unknown functionality of the component Web User Interface. Such manipulation leads to missing authentication. This vulnerability is documented as CVE-2026-33340. The attack can be executed remotely. There is not any exploit available.
vuldb.com

Managed ad