Posts of last 24 hours
https://cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-648
AsyncRAT is back in the headlines, and the attackers behind it have found a clever way to hide in plain sight. Instead of relying on suspicious servers, they use Dropbox links and TryCloudflare tunnels, both trusted services that most security tools rarely block. The result is a campaign that slips past everyday defenses while quietly […]
The post AsyncRAT Campaign Abuses TryCloudflare Tunnels and Python Scripts for Malware Delivery appeared first on Cyber Security News.
https://cybersecuritynews.com/asyncrat-campaign-abuses-trycloudflare-tunnels/
A vulnerability was found in Grokability Snipe-IT up to 8.4.0. It has been declared as critical. This issue affects some unknown processing. Such manipulation leads to preservation of permissions.
This vulnerability is listed as CVE-2026-44832. The attack may be performed remotely. There is no available exploit.
It is recommended to upgrade the affected component.
https://vuldb.com/vuln/365799
A vulnerability described as critical has been identified in Samsung Internet. Impacted is an unknown function. Such manipulation leads to improper authorization.
This vulnerability is uniquely identified as CVE-2026-21036. Local access is required to carry out this attack. No exploit exists.
Upgrading the affected component is recommended.
https://vuldb.com/vuln/368913
A vulnerability categorized as problematic has been discovered in Apache Cordova Plugin InAppBrowser up to 6.0.0 on iOS. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper input validation.
This vulnerability is registered as CVE-2026-47430. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
https://vuldb.com/vuln/369161
A vulnerability labeled as critical has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component Ancillary Function Driver for WinSock. Such manipulation leads to heap-based buffer overflow.
This vulnerability is uniquely identified as CVE-2026-45638. Local access is required to carry out this attack. No exploit exists.
The affected component should be upgraded.
https://vuldb.com/vuln/369723
A vulnerability was found in VMware Spring Security up to 5.7.24/5.8.26/6.3.17/6.4.17/6.5.10. It has been declared as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. Executing a manipulation can lead to improper authentication.
The identification of this vulnerability is CVE-2026-47838. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
https://vuldb.com/vuln/370055
A vulnerability marked as critical has been reported in MariaDB Server up to 10.6.26/10.11.17/11.4.11/11.8.7/12.3.1. This vulnerability affects unknown code of the component joiner Handler. The manipulation leads to OS command injection.
This vulnerability is listed as CVE-2026-48163. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
https://vuldb.com/vuln/370704
A vulnerability was found in MariaDB Server up to 10.6.26/10.11.17/11.4.11/11.8.7/12.3.1. It has been rated as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes OS command injection.
This vulnerability is tracked as CVE-2026-49261. The attack can be carried out remotely. No exploit exists.
Upgrading the affected component is advised.
https://vuldb.com/vuln/370448
A vulnerability labeled as critical has been found in MariaDB Server up to 10.6.26/10.11.17/11.4.11/11.8.7/12.3.1. This affects an unknown part. Executing a manipulation can lead to OS command injection.
This vulnerability is tracked as CVE-2026-48165. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
https://vuldb.com/vuln/370703