GENESIS
You must login to view this content
Aggregator
CVE-2026-31317 | Craftql up to 1.3.7 GetAssetsFieldSchema.php server-side request forgery (EUVD-2026-23428)
5 days 1 hour ago
A vulnerability described as critical has been identified in Craftql up to 1.3.7. This issue affects some unknown processing of the file vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php. Such manipulation leads to server-side request forgery.
This vulnerability is documented as CVE-2026-31317. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-21709 | Veeam Backup and Replication/Software Appliance Windows Driver Signature Enforcement command injection (kb4830 / EUVD-2026-23438)
5 days 1 hour ago
A vulnerability was found in Veeam Backup and Replication and Software Appliance and classified as critical. Affected is an unknown function of the component Windows Driver Signature Enforcement. Such manipulation leads to command injection.
This vulnerability is uniquely identified as CVE-2026-21709. Local access is required to approach this attack. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-40515 | HKUDS OpenHarness Path Normalization authorization (EUVD-2026-23450)
5 days 1 hour ago
A vulnerability was found in HKUDS OpenHarness. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Path Normalization Handler. Executing a manipulation can lead to incorrect authorization.
The identification of this vulnerability is CVE-2026-40515. The attack may be launched remotely. There is no exploit available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2026-21733 | Imagination Graphics DDK up to 25.3 RTM GPU insufficient permissions or privileges (EUVD-2026-23446)
5 days 1 hour ago
A vulnerability was found in Imagination Graphics DDK up to 1.17 RTM/1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM. It has been rated as problematic. This affects an unknown part of the component GPU Handler. The manipulation leads to improper handling of insufficient permissions or privileges.
This vulnerability is referenced as CVE-2026-21733. The attack can only be performed from a local environment. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-3464 | aguilatechnologies WP Customer Area Plugin up to 8.3.4 on WordPress ajax_attach_file path traversal (EUVD-2026-23448)
5 days 1 hour ago
A vulnerability was found in aguilatechnologies WP Customer Area Plugin up to 8.3.4 on WordPress. It has been classified as critical. Affected by this vulnerability is the function ajax_attach_file. Performing a manipulation results in path traversal.
This vulnerability was named CVE-2026-3464. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-40516 | HKUDS OpenHarness HTTP Service web_fetch/web_search server-side request forgery (EUVD-2026-23452)
5 days 1 hour ago
A vulnerability categorized as critical has been discovered in HKUDS OpenHarness. This vulnerability affects the function web_fetch/web_search of the component HTTP Service. The manipulation results in server-side request forgery.
This vulnerability is identified as CVE-2026-40516. The attack can be executed remotely. There is not any exploit available.
It is best practice to apply a patch to resolve this issue.
vuldb.com
The Wall Around Claude 4.7 Does Not Extend to Dread
5 days 1 hour ago
Anthropic released Claude Opus 4.7 on April 16, 2026 with automated cybersecurity safeguards and a Cyber Verification Program. Dark web intelligence from the same week, a cross-vendor prompt injection disclosure published the same morning, and the unanswered policy question of who decides which defenders deserve access to frontier AI all point to the same conclusion: the wall is in the wrong place.
The post The Wall Around Claude 4.7 Does Not Extend to Dread appeared first on Security Boulevard.
Suzu Labs
Randall Munroe’s XKCD ‘Home Remedies’
5 days 1 hour ago
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Home Remedies’ appeared first on Security Boulevard.
Marc Handelman
Ключи от Gemini теперь в руках военных? Пентагон хочет доверить гостайну ИИ, который ошибается в каждом десятом ответе
5 days 1 hour ago
Военные США спасается от монополии подрядчиков с помощью сырых технологий.
French Basketball Federation Breached, 1.9 Million Members and 800K Parents Exposed With Addresses, Medical Certificates, and Minor Data
5 days 1 hour ago
French Basketball Federation Breached, 1.9 Million Members and 800K Parents Exposed With Addresses, Medical Certificates, and Minor Data
Dark Web Informer
CVE-2026-40516 | HKUDS OpenHarness HTTP Service web_fetch/web_search server-side request forgery (EUVD-2026-23452)
5 days 1 hour ago
A vulnerability categorized as critical has been discovered in HKUDS OpenHarness. This vulnerability affects the function web_fetch/web_search of the component HTTP Service. The manipulation results in server-side request forgery.
This vulnerability is identified as CVE-2026-40516. The attack can be executed remotely. There is not any exploit available.
It is best practice to apply a patch to resolve this issue.
vuldb.com
CVE-2026-21733 | Imagination Graphics DDK up to 25.3 RTM GPU insufficient permissions or privileges (EUVD-2026-23446)
5 days 1 hour ago
A vulnerability was found in Imagination Graphics DDK up to 1.17 RTM/1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM. It has been rated as problematic. This affects an unknown part of the component GPU Handler. The manipulation leads to improper handling of insufficient permissions or privileges.
This vulnerability is referenced as CVE-2026-21733. The attack can only be performed from a local environment. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-40515 | HKUDS OpenHarness Path Normalization authorization (EUVD-2026-23450)
5 days 1 hour ago
A vulnerability was found in HKUDS OpenHarness. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Path Normalization Handler. Executing a manipulation can lead to incorrect authorization.
The identification of this vulnerability is CVE-2026-40515. The attack may be launched remotely. There is no exploit available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2026-3464 | aguilatechnologies WP Customer Area Plugin up to 8.3.4 on WordPress ajax_attach_file path traversal (EUVD-2026-23448)
5 days 1 hour ago
A vulnerability was found in aguilatechnologies WP Customer Area Plugin up to 8.3.4 on WordPress. It has been classified as critical. Affected by this vulnerability is the function ajax_attach_file. Performing a manipulation results in path traversal.
This vulnerability was named CVE-2026-3464. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-21709 | Veeam Backup and Replication/Software Appliance Windows Driver Signature Enforcement command injection (kb4830 / EUVD-2026-23438)
5 days 1 hour ago
A vulnerability was found in Veeam Backup and Replication and Software Appliance and classified as critical. Affected is an unknown function of the component Windows Driver Signature Enforcement. Such manipulation leads to command injection.
This vulnerability is uniquely identified as CVE-2026-21709. Local access is required to approach this attack. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-1999-1322 | CA ArcServe Backup Log File exchverify.log missing encryption
5 days 1 hour ago
A vulnerability has been found in CA ArcServe Backup and classified as problematic. Affected is an unknown function of the file exchverify.log of the component Log File Handler. The manipulation leads to missing encryption of sensitive data.
This vulnerability is referenced as CVE-1999-1322. The attack can only be performed from a local environment. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-1999-0057 | Eric Allman Vacation Sendmail Command privileges management (HPSBUX9811-087 / Nessus ID 16657)
5 days 1 hour ago
A vulnerability was found in Eric Allman Vacation and classified as critical. Affected by this vulnerability is an unknown functionality of the component Sendmail Command Handler. The manipulation results in improper privilege management.
This vulnerability is identified as CVE-1999-0057. The attack can be executed remotely. There is not any exploit available.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-1999-0780 | KDE 1.0 klock denial of service
5 days 1 hour ago
A vulnerability was found in KDE 1.0. It has been classified as problematic. Affected by this issue is some unknown functionality of the component klock. This manipulation causes denial of service.
This vulnerability is tracked as CVE-1999-0780. The attack is restricted to local execution. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-1999-0781 | KDE 1.0 KDEDIR privileges management
5 days 1 hour ago
A vulnerability was found in KDE 1.0. It has been declared as problematic. This affects an unknown part. Such manipulation of the argument KDEDIR as part of Environment Variable leads to improper privilege management.
This vulnerability is listed as CVE-1999-0781. The attack must be carried out locally. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com