Aggregator

CVE-1999-1188 | MySQL 3.21 Log File privileges management (Nessus ID 17815 / XFDB-1568)

Vuldb Updates
4 days 20 hours ago
A vulnerability identified as problematic has been detected in MySQL 3.21. Affected by this vulnerability is an unknown functionality of the component Log File Handler. Performing a manipulation results in improper privilege management. This vulnerability is cataloged as CVE-1999-1188. The attack must be initiated from a local position. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-31317 | Craftql up to 1.3.7 GetAssetsFieldSchema.php server-side request forgery (EUVD-2026-23428)

Vuldb Updates
4 days 20 hours ago
A vulnerability described as critical has been identified in Craftql up to 1.3.7. This issue affects some unknown processing of the file vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php. Such manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2026-31317. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2026-21709 | Veeam Backup and Replication/Software Appliance Windows Driver Signature Enforcement command injection (kb4830 / EUVD-2026-23438)

Vuldb Updates
4 days 20 hours ago
A vulnerability was found in Veeam Backup and Replication and Software Appliance and classified as critical. Affected is an unknown function of the component Windows Driver Signature Enforcement. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2026-21709. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-40515 | HKUDS OpenHarness Path Normalization authorization (EUVD-2026-23450)

Vuldb Updates
4 days 20 hours ago
A vulnerability was found in HKUDS OpenHarness. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Path Normalization Handler. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-40515. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.
vuldb.com

CVE-2026-21733 | Imagination Graphics DDK up to 25.3 RTM GPU insufficient permissions or privileges (EUVD-2026-23446)

Vuldb Updates
4 days 20 hours ago
A vulnerability was found in Imagination Graphics DDK up to 1.17 RTM/1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM. It has been rated as problematic. This affects an unknown part of the component GPU Handler. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is referenced as CVE-2026-21733. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-3464 | aguilatechnologies WP Customer Area Plugin up to 8.3.4 on WordPress ajax_attach_file path traversal (EUVD-2026-23448)

Vuldb Updates
4 days 20 hours ago
A vulnerability was found in aguilatechnologies WP Customer Area Plugin up to 8.3.4 on WordPress. It has been classified as critical. Affected by this vulnerability is the function ajax_attach_file. Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-3464. The attack may be initiated remotely. There is no available exploit.
vuldb.com

CVE-2026-40516 | HKUDS OpenHarness HTTP Service web_fetch/web_search server-side request forgery (EUVD-2026-23452)

Vuldb Updates
4 days 20 hours ago
A vulnerability categorized as critical has been discovered in HKUDS OpenHarness. This vulnerability affects the function web_fetch/web_search of the component HTTP Service. The manipulation results in server-side request forgery. This vulnerability is identified as CVE-2026-40516. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.
vuldb.com

The Wall Around Claude 4.7 Does Not Extend to Dread

Security Boulevard
4 days 20 hours ago

Anthropic released Claude Opus 4.7 on April 16, 2026 with automated cybersecurity safeguards and a Cyber Verification Program. Dark web intelligence from the same week, a cross-vendor prompt injection disclosure published the same morning, and the unanswered policy question of who decides which defenders deserve access to frontier AI all point to the same conclusion: the wall is in the wrong place.

The post The Wall Around Claude 4.7 Does Not Extend to Dread appeared first on Security Boulevard.

Suzu Labs

CVE-2026-40516 | HKUDS OpenHarness HTTP Service web_fetch/web_search server-side request forgery (EUVD-2026-23452)

VulDB Recent Entries
4 days 20 hours ago
A vulnerability categorized as critical has been discovered in HKUDS OpenHarness. This vulnerability affects the function web_fetch/web_search of the component HTTP Service. The manipulation results in server-side request forgery. This vulnerability is identified as CVE-2026-40516. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2026-21733 | Imagination Graphics DDK up to 25.3 RTM GPU insufficient permissions or privileges (EUVD-2026-23446)

VulDB Recent Entries
4 days 20 hours ago
A vulnerability was found in Imagination Graphics DDK up to 1.17 RTM/1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM. It has been rated as problematic. This affects an unknown part of the component GPU Handler. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is referenced as CVE-2026-21733. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-40515 | HKUDS OpenHarness Path Normalization authorization (EUVD-2026-23450)

VulDB Recent Entries
4 days 20 hours ago
A vulnerability was found in HKUDS OpenHarness. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Path Normalization Handler. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-40515. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.
vuldb.com

CVE-2026-3464 | aguilatechnologies WP Customer Area Plugin up to 8.3.4 on WordPress ajax_attach_file path traversal (EUVD-2026-23448)

VulDB Recent Entries
4 days 20 hours ago
A vulnerability was found in aguilatechnologies WP Customer Area Plugin up to 8.3.4 on WordPress. It has been classified as critical. Affected by this vulnerability is the function ajax_attach_file. Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-3464. The attack may be initiated remotely. There is no available exploit.
vuldb.com

CVE-2026-21709 | Veeam Backup and Replication/Software Appliance Windows Driver Signature Enforcement command injection (kb4830 / EUVD-2026-23438)

VulDB Recent Entries
4 days 20 hours ago
A vulnerability was found in Veeam Backup and Replication and Software Appliance and classified as critical. Affected is an unknown function of the component Windows Driver Signature Enforcement. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2026-21709. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

Managed ad