Aggregator

CVE-2026-53137 | Linux Kernel up to 7.0.12 drm mod_hdcp_read_rx_id_list out-of-bounds write (EUVD-2026-39342)

Vuldb Updates
4 days 15 hours ago
A vulnerability was found in Linux Kernel up to 7.0.12. It has been classified as critical. This impacts the function mod_hdcp_read_rx_id_list of the component drm. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2026-53137. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-54226 | Apache Kvrocks up to 2.15.0 integer overflow (EUVD-2026-39331)

Vuldb Updates
4 days 15 hours ago
A vulnerability classified as problematic has been found in Apache Kvrocks up to 2.15.0. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in integer overflow. This vulnerability is cataloged as CVE-2026-54226. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-53134 | Linux Kernel up to 7.0.12 netfilter _eval stack-based overflow (EUVD-2026-39339)

Vuldb Updates
4 days 15 hours ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 7.0.12. This impacts the function _eval of the component netfilter. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-53134. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-53082 | Linux Kernel up to 7.0.9 net sixpack_receive_buf infinite loop (Nessus ID 322722)

Vuldb Updates
4 days 15 hours ago
A vulnerability was found in Linux Kernel up to 7.0.9 and classified as critical. Affected by this issue is the function sixpack_receive_buf of the component net. The manipulation results in infinite loop. This vulnerability is known as CVE-2026-53082. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-10712 | GitLab Community Edition/Enterprise Edition up to 18.11.5/19.0.2/19.1.0 Path Validation cross site scripting (EUVD-2026-39171 / Nessus ID 322738)

Vuldb Updates
4 days 15 hours ago
A vulnerability categorized as problematic has been discovered in GitLab Community Edition and Enterprise Edition up to 18.11.5/19.0.2/19.1.0. This impacts an unknown function of the component Path Validation Handler. The manipulation results in cross site scripting. This vulnerability was named CVE-2026-10712. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-11379 | GitLab Enterprise Edition up to 18.11.5/19.0.2/19.1.0 authorization (Nessus ID 322739)

Vuldb Updates
4 days 15 hours ago
A vulnerability identified as problematic has been detected in GitLab Enterprise Edition up to 18.11.5/19.0.2/19.1.0. Affected is an unknown function. This manipulation causes incorrect authorization. The identification of this vulnerability is CVE-2026-11379. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA News
4 days 15 hours ago

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  

  • CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability
  • CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.

While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. 

CISA

ANY.RUN & Torq Integration: Scale Triage & Respond with Confidence

Anyrun
4 days 15 hours ago

Lack of alert context makes it difficult for Security Operations Centers (SOC) to distinguish actual threats from false positives. ANY.RUN’s integration with the Torq AI SOC Platform bridges this gap by delivering conclusive malware & phishing verdicts and actionable intelligence.   The result for your team is faster incident resolution, reduced alert fatigue, and proactive threat detection.  ANY.RUN & Torq […]

The post ANY.RUN & Torq Integration: Scale Triage & Respond with Confidence appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

Managed ad