Aggregator

Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious n

YAMCS yamcs-core 5.12.7 - LDAP Injection

YAMCS yamcs-core 5.12.7 - User Enumeration

YAMCS yamcs-core 5.12.7 - No Rate Limiting

Notepad++ 8.9.6 - Arbitrary Code Execution

As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry's last two decades.

A vulnerability classified as critical was found in x-image-bmp up to 0.40.x on Go. The impacted element is an unknown function of the component BMP File Handler. The manipulation results in improper validation of array index. This vulnerability is cataloged as CVE-2026-42500. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in verbb formie up to 2.2.20/3.1.25. The affected element is an unknown function of the file formie/submissions/save-submission. The manipulation leads to authorization bypass. This vulnerability is listed as CVE-2026-47266. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in TP-Link TL-SG108PE v5. Impacted is an unknown function of the component Configuration Parameter Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-34127. The attack can be launched remotely. No exploit exists.