Aggregator

CVE-2026-35559 | Amazon Athena ODBC Driver 2.0.5.1 Query Processing out-of-bounds write (EUVD-2026-18853)

VulDB Recent Entries
2 days 12 hours ago
A vulnerability was found in Amazon Athena ODBC Driver 2.0.5.1. It has been declared as critical. The impacted element is an unknown function of the component Query Processing. Executing a manipulation can lead to out-of-bounds write. This vulnerability is handled as CVE-2026-35559. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-25742 | Zulip up to 11.5 File Content authorization

VulDB Recent Entries
2 days 12 hours ago
A vulnerability was found in Zulip up to 11.5. It has been classified as problematic. The affected element is an unknown function of the component File Content Handler. Performing a manipulation results in missing authorization. This vulnerability is known as CVE-2026-25742. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2017-20237 | Belden Hirschmann Industrial HiVision up to 06.0.06/06.0.6/07.0.02/07.0.2 Master Service improper authentication (EUVD-2017-18953)

VulDB Recent Entries
2 days 12 hours ago
A vulnerability was found in Belden Hirschmann Industrial HiVision up to 06.0.06/06.0.6/07.0.02/07.0.2 and classified as critical. Impacted is an unknown function of the component Master Service. Such manipulation leads to improper authentication. This vulnerability is traded as CVE-2017-20237. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-31403 | Linux Kernel up to 7.0-rc4 NFSD /proc/fs/nfs/exports exports_proc_open file descriptor consumption (EUVD-2026-18788)

Vuldb Updates
2 days 12 hours ago
A vulnerability was found in Linux Kernel up to 7.0-rc4. It has been classified as critical. This vulnerability affects the function exports_proc_open of the file /proc/fs/nfs/exports of the component NFSD. This manipulation causes uncontrolled file descriptor consumption. This vulnerability is handled as CVE-2026-31403. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-5470 | mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent URL server-side request forgery (EUVD-2026-18798)

Vuldb Updates
2 days 12 hours ago
A vulnerability was found in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. It has been classified as critical. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protocol Handler. The manipulation of the argument URL leads to server-side request forgery. This vulnerability is listed as CVE-2026-5470. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-5471 | Investory Toy Planet Trouble App up to 1.5.5 on Android app.investory.toyfactory google-services-desktop.json current_key hard-coded key (EUVD-2026-18799)

Vuldb Updates
2 days 12 hours ago
A vulnerability was found in Investory Toy Planet Trouble App up to 1.5.5 on Android. It has been declared as problematic. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current_key results in use of hard-coded cryptographic key . This vulnerability is cataloged as CVE-2026-5471. The attack must be initiated from a local position. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-31404 | Linux Kernel up to 6.18.19/6.19.9/7.0-rc4 NFSD svc_export_put null pointer dereference (EUVD-2026-18790)

Vuldb Updates
2 days 12 hours ago
A vulnerability was found in Linux Kernel up to 6.18.19/6.19.9/7.0-rc4 and classified as critical. This issue affects the function svc_export_put of the component NFSD. The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-31404. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-5472 | ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 Profile Picture settings.php File unrestricted upload (EUVD-2026-18803)

Vuldb Updates
2 days 12 hours ago
A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. It has been rated as critical. The affected element is an unknown function of the file /admin_panel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestricted upload. This vulnerability is registered as CVE-2026-5472. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
vuldb.com

CVE-2026-5484 | BookStackApp BookStack up to 26.03 Chapter Export ExportFormatter.php chapterToMarkdown pages access control (EUVD-2026-18819)

Vuldb Updates
2 days 12 hours ago
A vulnerability categorized as problematic has been discovered in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. This vulnerability is registered as CVE-2026-5484. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
vuldb.com

ShinyHunters Claims Rebooted BreachForums Now More Secure

DataBreachToday.com
2 days 12 hours ago
Group Resurrects Hacker Site Despite Multiple Law Enforcement Disruptions
Drama continues to come fast and furious in BreachForums land, as the ShinyHunters group announced that it's rebooted the long-running and oft-disrupted forum yet again, just weeks after it got hacked and its databases dumped, leading the previous admin to allegedly exit scam and steal $4,000.

AI's Achilles Heel is an Oil Shipping Strait

DataBreachToday.com
2 days 12 hours ago
A Shipping Crisis in the Middle East Is Now a Chip Crisis Everywhere Else
The Strait of Hormuz crisis is amplifying a supply crunch in the specialist memory chips that power AI, and analysts say the industry's concentration in South Korea makes the timing particularly uncomfortable.

Stryker Tells Customers Manufacturing Systems Restored

DataBreachToday.com
2 days 12 hours ago
Device Maker Is Still Investigating March 11 Attack Claimed by Iranian Hacktivists
Medical tech maker Stryker said it has restored its systems and is operational across its global manufacturing network three weeks after a wiper attack by Iranian hacktivist group Handala led to a worldwide outage at the company. The firm is continuing to investigate the incident.

ISMG Editors: Vendor Breaches Expose Healthcare Risk

DataBreachToday.com
2 days 12 hours ago
Also: RSAC Speakers Warn AI Is Outpacing Security, DoD's Zero Trust Reality Check
In this week's panel, four ISMG editors discussed growing cyber risks in healthcare following recent vendor breaches, key takeaways from RSAC Conference and whether the Pentagon's zero trust push is delivering real security benefits or just checking off boxes.

Gen AI Stalls, Shadow AI Rises: A CISO Concern

DataBreachToday.com
2 days 12 hours ago
Going Beyond the Copilot Pilot - A CISO's Perspective
With 60% of businesses piloting M365 Copilot but only 6% scaling, this webinar explores why gen AI deployments stall — and what CISOs and IT leaders must know to roll out secure, compliant, and effective AI productivity tools.

How to protect your data with Agentic AI

Security Boulevard
2 days 12 hours ago

How Secure is Your Organization’s Approach to Non-Human Identities? Have you ever considered the scale of machine identities within your organization? With the expansive growth of digital, Non-Human Identities (NHIs) are becoming crucial in effective data protection strategies. These machine identities are essentially technological constructs that necessitate vigilance, given their pivotal role in accessing sensitive […]

The post How to protect your data with Agentic AI appeared first on Entro.

The post How to protect your data with Agentic AI appeared first on Security Boulevard.

Alison Mack

What makes Non-Human Identities safe for companies

Security Boulevard
2 days 12 hours ago

Have You Ever Considered How Securing Non-Human Identities Could Transform Your Organization? Non-Human Identities (NHIs) security is increasingly crucial across various sectors, from financial services to healthcare and beyond. These machine identities are not mere technical entities but fundamental components that define a company’s cybersecurity. By understanding and managing NHIs effectively, organizations can bridge the […]

The post What makes Non-Human Identities safe for companies appeared first on Entro.

The post What makes Non-Human Identities safe for companies appeared first on Security Boulevard.

Alison Mack

Managed ad