Aggregator

CVE-2025-70795 | STProcessMonitor up to 11.11.4.0 IOCTL denial of service (ID 268)

VulDB Recent Entries
5 days 5 hours ago
A vulnerability classified as problematic was found in STProcessMonitor up to 11.11.4.0. The affected element is an unknown function of the component IOCTL Handler. Executing a manipulation can lead to denial of service. This vulnerability appears as CVE-2025-70795. The attacker needs to be present on the local network. There is no available exploit. It is best practice to apply a patch to resolve this issue.
vuldb.com

SLH

Dark Feed IO
5 days 5 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 5 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 5 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 5 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 5 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 5 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 5 hours ago

You must login to view this content

cohenido

CVE-2026-40459 | PAC4J up to 4.5.9/5.7.9/6.4.0 LDAP Search ldap injection (EUVD-2026-23423)

VulDB Recent Entries
5 days 5 hours ago
A vulnerability classified as critical has been found in PAC4J up to 4.5.9/5.7.9/6.4.0. Impacted is an unknown function of the component LDAP Handler. Performing a manipulation of the argument Search results in ldap injection. This vulnerability is reported as CVE-2026-40459. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-31317 | Craftql up to 1.3.7 GetAssetsFieldSchema.php server-side request forgery (EUVD-2026-23428)

VulDB Recent Entries
5 days 5 hours ago
A vulnerability described as critical has been identified in Craftql up to 1.3.7. This issue affects some unknown processing of the file vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php. Such manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2026-31317. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2026-40458 | PAC4J up to 5.7.9/6.4.0 String.hashCode cross-site request forgery

VulDB Recent Entries
5 days 5 hours ago
A vulnerability marked as problematic has been reported in PAC4J up to 5.7.9/6.4.0. This vulnerability affects the function String.hashCode. This manipulation causes cross-site request forgery. This vulnerability is registered as CVE-2026-40458. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

DraftKings hacker sentenced to prison, ordered to pay $1.4 Million

Security Affairs
5 days 6 hours ago
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings. He continued selling stolen login data online even after pleading […]
Pierluigi Paganini

Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face

Cyber Security News
5 days 6 hours ago

A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-39987, allows remote code execution without authentication, making it a dangerous entry point for threat actors leveraging it to install a new variant of the NKAbuse malware […]

The post Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad