154
CVEs
33
Threats
0
News
🛡 Security Vulnerabilities (CVE)
CVE-2026-35436
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate pri
11:18 KSA
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-35439
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a ne
11:18 KSA
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40357
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a ne
14:42 KSA
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40365
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code
23:32 KSA
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
23:32 KSA
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-7498
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Informatio
09:48 KSA
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS.
This issue affects DernekWeb: through 30122025.
A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. …
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launc…
CVE-2026-40358
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
14:42 KSA
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40361
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
20:44 KSA
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
20:44 KSA
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40364
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker t
20:44 KSA
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
23:32 KSA
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40367
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
23:32 KSA
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-35438
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
11:18 KSA
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-40368
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a ne
23:32 KSA
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35417
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to
08:00 KSA
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-35418
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
08:00 KSA
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35420
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
08:00 KSA
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35421
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
08:00 KSA
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-40359
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
17:30 KSA
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40360
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
20:44 KSA
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40362
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
20:44 KSA
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40369
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
23:32 KSA
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40377
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally
23:32 KSA
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40381
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
23:32 KSA
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-47092
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attac
13:16 KSA
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud per…
CVE-2026-35424
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorize
11:18 KSA
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-42009
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) pac
09:48 KSA
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequen…
CVE-2026-8771
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litem
01:34 KSA
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql i…
CVE-2026-8785
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the func
09:48 KSA
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment_no can lead to…
CVE-2026-4999
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue af
02:36 KSA
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversa…
CVE-2026-5011
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the fil
02:36 KSA
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possi…
CVE-2026-5020
A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNotice
12:52 KSA
A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may…
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHos
12:52 KSA
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be ini…
CVE-2026-5126
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. T
09:57 KSA
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVE-2026-5153
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/Wr
09:57 KSA
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and m…
CVE-2026-5177
A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function
09:57 KSA
A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched rem…
CVE-2026-5178
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the func
09:57 KSA
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is …
CVE-2026-5181
A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some un
09:57 KSA
A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctors_appointment/admin/ajax.php?action=save_category. Such manipulation of the argument img leads to unrestricted upload. The a…
CVE-2026-5183
A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the
09:57 KSA
A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit …
CVE-2026-5184
A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file
09:57 KSA
A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available…
CVE-2026-5196
A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the fi
09:57 KSA
A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the p…
CVE-2026-5197
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of
09:57 KSA
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /delete_user.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public …
CVE-2026-5205
A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigge
09:57 KSA
A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack ca…
CVE-2026-5206
A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects
09:57 KSA
A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Payment_id/Amount/customer_id/payment_type/customer_name leads to sql injection…
CVE-2026-5248
A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app
09:57 KSA
A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes…
CVE-2026-5251
A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user
09:57 KSA
A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is p…
CVE-2026-5259
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the
09:57 KSA
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulatio…
CVE-2026-5317
A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_
09:59 KSA
A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used …
CVE-2026-5327
A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function h
21:30 KSA
A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The explo…
CVE-2026-5328
A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted e
21:30 KSA
A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Int…
CVE-2026-5344
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt
21:30 KSA
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote expl…
CVE-2026-5351
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setu
23:32 KSA
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available t…
CVE-2026-5352
A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /se
01:52 KSA
A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly…
CVE-2026-5353
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. P
01:52 KSA
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and…
CVE-2026-5354
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the f
01:52 KSA
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been…
CVE-2026-5355
A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the fil
01:52 KSA
A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has bee…
CVE-2026-5470
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca6
19:04 KSA
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Mod…
CVE-2026-5472
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Th
19:04 KSA
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin_panel/settings.php of the component Profile Picture Handler. This manipulation of the argument File…
CVE-2026-5474
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw
19:04 KSA
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must h…
CVE-2026-5528
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown par
09:16 KSA
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed…
CVE-2026-5530
A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of
09:16 KSA
A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted e…
CVE-2026-5532
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sand
09:16 KSA
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The manipulation results in os command inject…
CVE-2026-5537
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the functio
11:32 KSA
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads…
CVE-2026-5538
A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of
13:48 KSA
A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to la…
CVE-2026-6191
SQL Injection in itsourcecode Construction Management System 1.0 /equipments.php
00:32 KSA
A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been publ…
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may…
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be …
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injec…
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the…
A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been publishe…
CVE-2026-6626
Cockpit-HQ Cockpit Input Validation Vulnerability in Asset/Aggregate Handler
20:32 KSA
A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to l…
A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit…
CVE-2026-6634
usememos Authorization Bypass via additionalStyle/additionalScript Manipulation
20:32 KSA
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack…
A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. The attack can be launched remotely. The exploit has bee…
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attack…
A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendo…
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in command…
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the …
CVE-2026-7196
SQL Injection in CodeAstro Online Classroom 1.0 /guestdetails deleteid Parameter
06:18 KSA
A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publ…
A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible t…
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. Th…
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is pos…
CVE-2026-7266
SQL Injection in SourceCodester Pizzafy Ecommerce System 1.0 save_order Function
22:54 KSA
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The explo…
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view_prod.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may …
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exp…
A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword c…
A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotel…
A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addres…
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The explo…
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to …
A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and…
A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be p…
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible…
A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request f…
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the compon…
A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploi…
A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal. The attack can…
A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiat…
A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched remotely.…
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be init…
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The atta…
CVE-2026-7672
SQL Injection in youlai-boot getUserList Endpoint via Argument Order Manipulation
08:00 KSA
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads …
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to…
A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotel…
A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. Th…
A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can l…
A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit ha…
A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploi…
A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is …
A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack m…
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried …
A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be …
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remote…
A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be launc…
A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may …
A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack…
A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit ha…
A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiate…
A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitat…
A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit h…
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argumen…
A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The ex…
A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initia…
A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched rem…
A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_STATE_ID leads to sql injection. Remote exploitation of the attack is possible. The…
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be laun…
A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now pub…
A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been publis…
CVE-2026-7743
CodeAstro Online Classroom 1.0 SQL Injection in studentdetails deleteid Parameter
14:48 KSA
A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The expl…
A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and…
A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been pu…
A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely…
A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be pe…
A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the…
A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker/so we can control …
A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly a…
A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the EncrypType/wl_Pa…
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit …
A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be init…
A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The explo…
A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv_ssid results in command injection. The attack can be ini…
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorizatio…
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers ca…
Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers…
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access t…
CVE-2026-32849
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/op
00:54 KSA
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int but assigned from an unsigned cop->dst_len value, causing undefined behavior w…
Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration fi…
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summar…
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
Microsoft Edge (Chromium-based) Spoofing Vulnerability
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The …
⚠️ Threat Intelligence
33 threats
rss:Dark Reading
—
03:40 KSA
Boulevard of Broken Dreams: 2 Decades of Cyber Fails
A retrospective analysis of major cybersecurity failures over two decades, including the MGM and Caesars breaches and MOVEit vulnerability exploitation. The article examines systemic failures, patch management…
rss:Krebs on Securit
—
03:40 KSA
CISA Admin Leaked AWS GovCloud Keys on Github
A CISA contractor accidentally exposed highly privileged AWS GovCloud credentials and internal CISA system access through a public GitHub repository. The leaked credentials provided access to critical government clou…
rss:Dark Reading
—
02:18 KSA
Shai-Hulud Worm Clones Spread After Code Release
The Shai-Hulud worm source code has been publicly released, enabling threat actors to create variants of this self-replicating malware. Researchers warn that the availability of source code significantly increases…
rss:BleepingComputer
—
01:15 KSA
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
Organizations face risks from unsanctioned shadow AI tools used by employees without security oversight. The article provides guidance on implementing practical AI governance frameworks that bala…
rss:The Hacker News
—
23:59 KSA
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
INTERPOL coordinated a major cybercrime operation across 13 MENA countries resulting in 201 arrests and identification of 382 additional suspects between October 2025 and February 2026. T…
rss:BleepingComputer
—
23:59 KSA
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware, recently leaked, is being exploited in active attacks targeting the Node Package Manager (npm) repository. Threat actors have uploaded infected packages to npm, potentially comp…
rss:Dark Reading
—
22:54 KSA
Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive
Iranian threat actors are exploiting insecure automatic tank gauge (ATG) systems exposed on the internet to conduct cyber attacks on fuel infrastructure. Security experts have long warned that these …
rss:The Hacker News
—
21:50 KSA
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Weekly security recap covering multiple critical threats including an active Exchange zero-day vulnerability, npm package poisoning attacks, malicious AI repository impersonation, and…
rss:BleepingComputer
—
20:48 KSA
Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed a security breach where attackers used a stolen GitHub access token to compromise their GitHub environment and download proprietary source code. This incident highlights the criti…
rss:SecurityWeek
—
19:44 KSA
‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
Four chained vulnerabilities in OpenClaw software enable attackers to steal credentials, escape sandbox restrictions, and deploy persistent backdoors for long-term system compromise. This vulner…
rss:SecurityWeek
—
19:44 KSA
Millions Impacted Across Several US Healthcare Data Breaches
Multiple healthcare data breaches in the US have exposed hundreds of thousands to millions of patient records, with incidents being tracked by the Department of Health and Human Services. These breache…
rss:The Hacker News
—
19:44 KSA
How to Reduce Phishing Exposure Before It Turns into Business Disruption
The article addresses the critical gap in SOC capabilities where phishing emails bypass security controls and cause business disruption. It highlights the challenge organizations face in de…
rss:SecurityWeek
—
18:08 KSA
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
ShinyHunters threat actors have confirmed a data breach of 7-Eleven, claiming to have stolen over 600,000 Salesforce records containing personal and corporate information. The attackers are demandin…
rss:The Hacker News
—
18:08 KSA
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Multiple enterprise software vendors including Ivanti, Fortinet, SAP, VMware, and n8n have released security patches for critical vulnerabilities including remote code execut…
rss:The Hacker News
—
18:08 KSA
Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are targeting developer workstations and stealing credentials to compromise trusted software repositories. Three separate campaigns hit npm, PyPI, and Docker Hub within 48 ho…
rss:BleepingComputer
—
18:08 KSA
Microsoft testing adjustable taskbar, Start menu in Windows 11
Microsoft is testing resizable taskbar and Start menu features in Windows 11 preview builds for Insiders. This update restores user interface customization options that were removed in the original W…
rss:Malwarebytes Lab
—
17:06 KSA
Microsoft is changing Edge’s plaintext password behavior
Microsoft Edge will no longer store saved passwords in plaintext memory throughout the browser session, addressing security vulnerabilities identified by a researcher. This change enhances password protect…
rss:SecurityWeek
—
17:06 KSA
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
A researcher has released the MiniPlasma exploit that leverages original proof-of-concept code targeting an unpatched Windows vulnerability from 2020. This public disclosure of working exploit co…
rss:The Hacker News
—
17:06 KSA
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Researchers discovered four malicious npm packages containing information-stealing malware and DDoS capabilities, including a clone of the Shai-Hulud worm. The packages had limited dow…
rss:SecurityWeek
—
15:54 KSA
First Shai-Hulud Worm Clones Emerge
Threat actors have begun leveraging the recently released Shai-Hulud malware source code to conduct attacks against NPM developers. This represents an escalation in supply chain threats targeting the JavaScript development eco…
rss:SecurityWeek
—
14:48 KSA
Grafana Confirms Breach After Hackers Claim They Stole Data
Grafana confirmed a data breach after the Coinbase Cartel cybercrime group claimed to have stolen data from the organization. The threat actors are linked to notorious groups including ShinyHunters, Sca…
rss:The Hacker News
—
14:48 KSA
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
A Windows zero-day vulnerability named MiniPlasma has been disclosed that allows attackers to escalate privileges to SYSTEM level even on fully patched systems. The PoC was rel…
rss:The Hacker News
—
14:48 KSA
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
Analysis reveals Fast16, a Lua-based malware predating Stuxnet, was a sophisticated cyber sabotage tool designed to corrupt uranium-compression simulations used in nuclear weapons testing. This…
rss:BleepingComputer
—
14:48 KSA
Microsoft confirms Windows 11 security update install issues
Microsoft has acknowledged installation failures for the May 2026 Windows 11 security update (KB5089549), which generates 0x800f0922 errors on affected systems. This update failure could leave vulnerab…
rss:Malwarebytes Lab
—
13:47 KSA
A week in security (May 11 – May 17)
Weekly security digest covering cybersecurity topics and incidents from May 11-17, 2026. Provides overview of emerging threats and security developments during the specified period.
Source: https://www.malwarebytes…
rss:SecurityWeek
—
13:47 KSA
Exploitation of Critical NGINX Vulnerability Begins
A critical NGINX vulnerability is being actively exploited, causing denial-of-service attacks on default configurations and enabling remote code execution when ASLR is disabled. This vulnerability poses signifi…
rss:BleepingComputer
—
13:47 KSA
Exploit available for new DirtyDecrypt Linux root escalation flaw
A proof-of-concept exploit has been released for the DirtyDecrypt Linux kernel vulnerability in the rxgk module, enabling local attackers to escalate privileges and gain root access on vulnerable …
rss:BleepingComputer
—
12:18 KSA
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
Security researchers discovered and exploited 47 zero-day vulnerabilities at Pwn2Own Berlin 2026, earning $1.3 million in rewards. These critical flaws across various software platforms represent si…
rss:SecurityWeek
—
10:41 KSA
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
Security researchers demonstrated critical exploits for major platforms including Windows, Linux, VMware, Nvidia, and AI products at Pwn2Own Berlin 2026. The competition highlighted significant vulnerabilities ac…
rss:Malwarebytes Lab
—
08:54 KSA
AI is distorting the Holocaust (Lock and Code S07E10)
This podcast episode discusses how AI-generated imagery is being misused to distort historical narratives of the Holocaust. While primarily focused on historical accuracy and misinformation, it highlights ris…
rss:Dark Reading
—
07:16 KSA
Can Laws Stop Deepfakes? South Korea Aims to Find Out
South Korea is testing regulatory frameworks to combat deepfakes during upcoming local elections. The initiative examines how legal measures can effectively prevent the spread of synthetic media used for disi…
rss:BleepingComputer
—
05:36 KSA
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
A Windows privilege escalation zero-day vulnerability named 'MiniPlasma' has been publicly disclosed with a proof-of-concept exploit that allows attackers to gain SYSTEM-level …
rss:Dark Reading
—
03:40 KSA
The Boring Stuff is Dangerous Now
AI agents are emerging with the capability to discover and exploit obscure vulnerabilities, while developers simultaneously generate large volumes of potentially flawed AI-generated code. This dual threat forces cybersecurity de…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Monday, May 18, 2026
CVE Archive ·
Threats ·
News