Aggregator
JetBrains security advisory (AV26-541)
3 weeks 3 days ago
Canadian Centre for Cyber Security
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
3 weeks 3 days ago
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation.
Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an
The Hacker News
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
3 weeks 3 days ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was
The Hacker News
Black X
3 weeks 3 days ago
cohenido
Where to eat in an unfamiliar city? The answer is in Feynman's notes: the Nobel laureate derived a formula for the best dinner
3 weeks 3 days ago
Mathematics knows exactly when it is time for you to stop looking for new places.
[Control systems] Siemens security advisory (AV26-540)
3 weeks 3 days ago
Canadian Centre for Cyber Security
New Threat Actor Black X
3 weeks 3 days ago
cohenido
Android security advisory – June 2026 monthly rollup (AV26-538) – Update 1
3 weeks 3 days ago
Canadian Centre for Cyber Security
CVE-2026-10705 | dask up to 3.0 HLL hyperloglog.py nunique_approx resource consumption (Issue 12403 / EUVD-2026-34064)
3 weeks 3 days ago
A vulnerability classified as problematic has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption.
This vulnerability is tracked as CVE-2026-10705. The attack can be carried out remotely. No exploit exists.
The pull request to fix this issue awaits acceptance.
vuldb.com
CVE-2026-10704 | SourceCodester Pizzafy E-Commerce System 1.0 Administrative Control Panel admin_class_novo.php login Username sql injection (EUVD-2026-34063)
3 weeks 3 days ago
A vulnerability described as critical has been identified in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection.
This vulnerability is identified as CVE-2026-10704. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2026-10703 | EIPStackGroup OpENer up to 2.3.0 SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free (Issue 566 / EUVD-2026-34062)
3 weeks 3 days ago
A vulnerability marked as critical has been reported in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free.
This vulnerability is referenced as CVE-2026-10703. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
Submit #831411: dask 2026.3.0 Algorithmic Complexity / Hash Collision / Denial of Service [Accepted]
3 weeks 3 days ago
Submit #831411 / VDB-368018
Dem0
Submit #831321: SourceCodester Pizzafy E-Commerce System 1.0 SQL injection [Accepted]
3 weeks 3 days ago
Submit #831321 / VDB-368017
Fklov
Submit #830957: sourcecodester Hospital's Patient Records Management System V1.0 SQL injection [Duplicate]
3 weeks 3 days ago
Submit #830957 / VDB-201888
Fklov
Submit #830921: Linux OpENer (Open EtherNet/IP Stack) latest Use After Free [Accepted]
3 weeks 3 days ago
Submit #830921 / VDB-368016
QvuQ_lkx
CVE-2026-40715 | Dell ThinOS 10 10.0765 access control (dsa-2026-214 / EUVD-2026-33979)
3 weeks 3 days ago
A vulnerability labeled as critical has been found in Dell ThinOS 10 10.0765. This impacts an unknown function. Executing a manipulation can lead to improper access controls.
The identification of this vulnerability is CVE-2026-40715. The attack can only be executed locally. There is no exploit available.
The affected component should be upgraded.
vuldb.com