Aggregator

INC

Dark Feed IO
1 week 5 days ago

You must login to view this content

cohenido

CVE-2026-50645 | Apache CXF up to 4.1.6/4.2.1 Attachment Header access control (EUVD-2026-36403)

Vuldb Updates
1 week 5 days ago
A vulnerability was found in Apache CXF up to 4.1.6/4.2.1. It has been classified as critical. This issue affects some unknown processing of the component Attachment Header Handler. Performing a manipulation results in improper access controls. This vulnerability was named CVE-2026-50645. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-50633 | Apache CXF up to 4.1.6/4.2.1 JNDI DispatchMDBMessageListenerImpl injection (EUVD-2026-36401)

Vuldb Updates
1 week 5 days ago
A vulnerability has been found in Apache CXF up to 4.1.6/4.2.1 and classified as critical. This affects the function DispatchMDBMessageListenerImpl of the component JNDI Handler. This manipulation causes injection. This vulnerability is handled as CVE-2026-50633. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-11848 | IEI Integration Corp iRM-TSi410X up to 1.4.18 System Configuration missing authentication (EUVD-2026-36409)

Vuldb Updates
1 week 5 days ago
A vulnerability was found in IEI Integration Corp iRM-TSi410X up to 1.4.18. It has been rated as critical. Impacted is an unknown function of the component System Configuration Handler. This manipulation causes missing authentication. This vulnerability appears as CVE-2026-11848. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2026-11849 | IEI Integration Corp iRM-TSi410X up to 1.4.18 hard-coded credentials (EUVD-2026-36410)

Vuldb Updates
1 week 5 days ago
A vulnerability categorized as critical has been discovered in IEI Integration Corp iRM-TSi410X up to 1.4.18. The affected element is an unknown function. Such manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2026-11849. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications

Cyber Security News
1 week 5 days ago

A new and dangerous credential-stealing tool called OnyxC2 has emerged in the cybercrime underground, showing just how easy it has become for even low-skilled attackers to run a professional hacking operation. Sold as a complete package for $250 a month, the malware gives buyers everything they need to quietly drain login data from victims worldwide. […]

The post Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad