Aggregator

CVE-2026-49197

CVE Trends
3 weeks 2 days ago
Currently trending CVE - Hype Score: 4 - Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks

Cyber Security News
3 weeks 2 days ago

OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces. Prompt injection, where malicious instructions are embedded in content processed by an […]

The post New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks appeared first on Cyber Security News.

Guru Baran

Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

Security Affairs
3 weeks 2 days ago
Reports claim Anthropic engineers are helping the NSA use its restricted AI model Mythos, known for advanced cybersecurity capabilities. This week, the Financial Times reported that Anthropic has placed approximately six “forward-deployed” engineers inside the National Security Agency to help the intelligence agency use Mythos, its most capable cyber model, for offensive operations. Two people […]
Pierluigi Paganini

CVE-2026-11459 | SecureAge CatchPulse up to 10.9.1 IOCTL saappctl.sys information disclosure

VulDB Recent Entries
3 weeks 2 days ago
A vulnerability identified as problematic has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-11459. Local access is required to approach this attack. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-11458 | erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69 Boot Actuator Endpoint /base-boot/actuator information disclosure (EUVD-2026-34988)

VulDB Recent Entries
3 weeks 2 days ago
A vulnerability categorized as problematic has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2026-11458. The attack can be executed remotely. Additionally, an exploit exists. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-11457 | erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69 JimuReport test-connection Endpoint testConnection dbType/dbDriver/dbUrl/dbUsername/dbPassword injection (EUVD-2026-34987)

VulDB Recent Entries
3 weeks 2 days ago
A vulnerability was found in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. It has been rated as critical. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. This vulnerability is known as CVE-2026-11457. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-11456 | Chanjet CRM 1.0 HTTP GET Request jxf_dump_systable.php gblOrgID sql injection (EUVD-2026-34986)

VulDB Recent Entries
3 weeks 2 days ago
A vulnerability was found in Chanjet CRM 1.0. It has been declared as critical. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. This vulnerability is traded as CVE-2026-11456. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-11455 | FoundationAgents MetaGPT up to 0.8.2 metagpt/utils/common.py check_cmd_exists mermaid.path command injection (Issue 2037 / EUVD-2026-34985)

VulDB Recent Entries
3 weeks 2 days ago
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.2. It has been classified as critical. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. This vulnerability appears as CVE-2026-11455. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Managed ad