Aggregator

Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities

A vulnerability was found in Softing OPC UA C++ SDK up to 6.9. It has been declared as critical. This impacts an unknown function of the component Array Handler. Executing a manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2022-37453. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Ricoh Aficio SP 4210N. This vulnerability affects unknown code. This manipulation causes cross site scripting. This vulnerability appears as CVE-2022-37406. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in Foxit PDF Reader and classified as critical. This affects the function deletePages of the component AcroForms Handler. Performing a manipulation results in use after free. This vulnerability was named CVE-2022-37391. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor and Resecurity, who said that its potential for full system compromise should push organizations to prioritize patching and review systems for indicators of compromise such as: Requests containing path traversal sequences (../) PostgreSQL connection parameters … More →

The post Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) appeared first on Help Net Security.

Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud Fraud Defense, a fraud and abuse prevention platform for bot, account, and transaction protection. It uses risk analysis and challenge-based verification to help organizations identify automated activity and suspicious behavior. The service is commonly deployed on login pages, registration forms, password reset pages, and checkout systems, where it can allow … More →

The post Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures appeared first on Help Net Security.

В облаке нашли дыру, а в правилах вознаграждений внезапно выявилась лазейка.

CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. [...]

A vulnerability categorized as critical has been discovered in Gogs up to 0.13.0. Affected by this issue is some unknown functionality of the file internal/ssh/ssh.go of the component SSH Connection Handler. The manipulation results in argument injection. This vulnerability was named CVE-2024-39930. The attack may be performed from remote. In addition, an exploit is available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Gogs up to 0.13.0. This issue affects some unknown processing of the component Change Preview. Performing a manipulation results in argument injection. This vulnerability is identified as CVE-2024-39932. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Gogs up to 0.13.0. Impacted is an unknown function of the component New Release Handler. Executing a manipulation can lead to argument injection. This vulnerability is tracked as CVE-2024-39933. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability has been found in gogs up to 0.12.7 and classified as critical. Impacted is an unknown function. Performing a manipulation results in server-side request forgery. This vulnerability is identified as CVE-2022-1285. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Webmin up to 2.640. The impacted element is an unknown function. The manipulation results in use of single-factor authentication. This vulnerability was named CVE-2026-56022. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Webmin HTTP Server up to 2.640. The affected element is an unknown function of the file miniserv.pl of the component HTTP Header Handler. The manipulation results in authentication bypass by spoofing. This vulnerability is identified as CVE-2026-56020. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability marked as problematic has been reported in Webmin Director. The affected element is an unknown function. The manipulation leads to incorrect regular expression. This vulnerability is uniquely identified as CVE-2026-56021. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Splunk Enterprise flaw, tracked as CVE-2026-20253 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw CVE-2026-20253 is an improper authentication vulnerability in the PostgreSQL sidecar service of […]

The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time. It doesn't fit the problem anymore. Shadow AI has shifted from a data leakage concern to an access control problem. The threat isn't

Currently trending CVE - Hype Score: 6 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

Достаточно встать рядом с человеком в наушниках Beats.

SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers