Aggregator

CVE-2026-55204 | HAProxy up to 3.4.0 Dynamic Table src/hpack-tbl.c hpack_dht_insert null pointer dereference

1 week 1 day ago

A vulnerability marked as problematic has been reported in HAProxy up to 3.4.0. Affected by this vulnerability is the function hpack_dht_insert of the file src/hpack-tbl.c of the component Dynamic Table Handler. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-55204. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

Krebs on Security

1 week 1 day ago

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a "residential proxy" provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR].

BrianKrebs

CVE-2026-38717 | InHand IR912/IR915 1.0.0.r20042 File Upload command injection

VulDB Recent Entries

1 week 1 day ago

A vulnerability labeled as critical has been found in InHand IR912 and IR915 1.0.0.r20042. Affected is an unknown function of the component File Upload Handler. The manipulation results in command injection. This vulnerability was named CVE-2026-38717. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2025-27511 | geoserver org..extension:gs-db2 up to 2.26.x deserialization (GHSA-g628-r368-6vh7)

VulDB Recent Entries

1 week 1 day ago

A vulnerability identified as problematic has been detected in geoserver org..extension:gs-db2 up to 2.26.x. This impacts an unknown function. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-27511. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

vuldb.com

CVE-2026-38715 | InHand IR912/IR915 1.0.0.r20042 command injection

VulDB Recent Entries

1 week 1 day ago

A vulnerability categorized as critical has been discovered in InHand IR912 and IR915 1.0.0.r20042. This affects an unknown function. Executing a manipulation can lead to command injection. This vulnerability is handled as CVE-2026-38715. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2026-38716 | InHand IR912/IR915 1.0.0.r20042 command injection

VulDB Recent Entries

1 week 1 day ago

A vulnerability was found in InHand IR912 and IR915 1.0.0.r20042. It has been rated as critical. The impacted element is an unknown function. Performing a manipulation results in command injection. This vulnerability is known as CVE-2026-38716. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2026-38714 | InHand IR912/IR915 1.0.0.r20042 Configuration command injection

VulDB Recent Entries

1 week 1 day ago

A vulnerability was found in InHand IR912 and IR915 1.0.0.r20042. It has been declared as critical. The affected element is an unknown function of the component Configuration Handler. Such manipulation leads to command injection. This vulnerability is traded as CVE-2026-38714. The attack may be launched remotely. There is no exploit available.

vuldb.com

ДНК из сибирских могил рассказала жуткую правду: чума выкашивала семьи за 5500 лет до того, как получила своё имя

Securitylab.ru

1 week 1 day ago

Кто бы мог подумать, что самая древняя вспышка случилась не в Европе, а в маленькой общине охотников у Байкала.

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

The Hackers News

1 week 1 day ago

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open Source is

The Hacker News

Drupal security advisory (AV26-615)

CCCS - Alerts and advisories

1 week 1 day ago

Canadian Centre for Cyber Security

New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise

Cyber Security News

1 week 1 day ago

A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the Synopsys DWC2 USB controller with a firmware configuration flaw, enabling full application processor boot-chain compromise with no software patch possible due to the immutable nature of BootROM code. According to Paradigm […]

The post New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise appeared first on Cyber Security News.

Guru Baran