Aggregator

CVE-2025-38135 | Linux Kernel up to 6.15.2 serial mlb_usio_probe null pointer dereference (EUVD-2025-19808 / Nessus ID 249177)

Vuldb Updates
1 week 5 days ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.15.2. Impacted is the function mlb_usio_probe of the component serial. Performing a manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-38135. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2025-54502

CVE Trends
1 week 5 days ago
Currently trending CVE - Hype Score: 1 - Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

CVE-2024-1086

CVE Trends
1 week 5 days ago
Currently trending CVE - Hype Score: 16 - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can ...

CVE-2025-8088

CVE Trends
1 week 5 days ago
Currently trending CVE - Hype Score: 1 - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček ...

Breaking Opus 4.7 with ChatGPT (Hacking Claude's Memory)

Embrace The Red
1 week 5 days ago

In this post, we explore how ChatGPT generated an adversarial image that hijacked my Claude Opus 4.7 to invoke the memory tool and persist false memories for future chats.

This matters because Opus 4.6+ is genuinely a lot harder to attack than previous models, but it still fell for a ChatGPT generated image. A trick that works well with reasoning models is to challenge them with puzzles.

Indirect Prompt Injection and Alignment Progress

Claude Opus 4.6+ is more resilient against basic attacks, and reasons before taking actions. This means that most of the well-known, basic adversarial examples and attacks typically do not work.

CVE-2026-40286 | LabRedesCefetRJ WeGIA up to 3.6.9 Member Name cross site scripting (GHSA-42rc-rvrx-cmmw / EUVD-2026-23531)

VulDB Recent Entries
1 week 5 days ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.6.9. It has been classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Member Name leads to cross site scripting. This vulnerability is traded as CVE-2026-40286. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-40284 | LabRedesCefetRJ WeGIA up to 3.6.9 Destinatário cross site scripting (GHSA-mccp-8446-phw5 / EUVD-2026-23527)

VulDB Recent Entries
1 week 5 days ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.6.9 and classified as problematic. Affected by this vulnerability is an unknown functionality. Executing a manipulation of the argument Destinatário can lead to cross site scripting. This vulnerability appears as CVE-2026-40284. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-40527 | radareorg radare2 ELF DW_TAG_formal_parameter os command injection (EUVD-2026-23534)

VulDB Recent Entries
1 week 5 days ago
A vulnerability has been found in radareorg radare2 and classified as critical. Affected is the function DW_TAG_formal_parameter of the component ELF Handler. Performing a manipulation results in os command injection. This vulnerability is reported as CVE-2026-40527. The attack requires a local approach. No exploit exists. It is suggested to install a patch to address this issue.
vuldb.com

CVE-2026-40474 | wger-project wger up to 2.4 Configuration config.change_gymconfig save access control

VulDB Recent Entries
1 week 5 days ago
A vulnerability, which was classified as critical, was found in wger-project wger up to 2.4. This impacts the function Save of the file config.change_gymconfig of the component Configuration Handler. Such manipulation leads to improper access controls. This vulnerability is documented as CVE-2026-40474. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-5720 | miniupnp project miniupnpd up to 2.3.9 HTTP Request ParseHttpHeaders integer underflow (EUVD-2026-23565 / Nessus ID 307450)

VulDB Recent Entries
1 week 5 days ago
A vulnerability, which was classified as critical, has been found in miniupnp project miniupnpd up to 2.3.9. This affects the function ParseHttpHeaders of the component HTTP Request Handler. This manipulation causes integer underflow. This vulnerability is registered as CVE-2026-5720. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-40285 | LabRedesCefetRJ WeGIA up to 3.6.9 POST Parameter UsuarioDAO.php verificarDespacho cpf_usuario sql injection (GHSA-666r-v2m7-xgp9 / EUVD-2026-23529)

VulDB Recent Entries
1 week 5 days ago
A vulnerability classified as critical was found in LabRedesCefetRJ WeGIA up to 3.6.9. The impacted element is the function DespachoControle::verificarDespacho of the file dao/memorando/UsuarioDAO.php of the component POST Parameter Handler. The manipulation of the argument cpf_usuario results in sql injection. This vulnerability is cataloged as CVE-2026-40285. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-40299 | amannn next-intl up to 4.9.0 WHATWG URL Parser redirect (GHSA-8f24-v5vv-gm5j)

VulDB Recent Entries
1 week 5 days ago
A vulnerability classified as problematic has been found in amannn next-intl up to 4.9.0. The affected element is an unknown function of the component WHATWG URL Parser. The manipulation leads to open redirect. This vulnerability is listed as CVE-2026-40299. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-35603 | Anthropic claude-code up to 2.1.74 on Windows Configuration managed-settings.json untrusted search path (GHSA-5cwg-9f6j-9jvx / EUVD-2026-23520)

VulDB Recent Entries
1 week 5 days ago
A vulnerability described as problematic has been identified in Anthropic claude-code up to 2.1.74 on Windows. Impacted is an unknown function of the file C:\ProgramData\ClaudeCode\managed-settings.json of the component Configuration Handler. Executing a manipulation can lead to untrusted search path. This vulnerability is tracked as CVE-2026-35603. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-40353 | wger-project wger up to 2.4 attribution_link license_author cross site scripting

VulDB Recent Entries
1 week 5 days ago
A vulnerability labeled as problematic has been found in wger-project wger up to 2.4. This vulnerability affects the function attribution_link. Such manipulation of the argument license_author leads to cross site scripting. This vulnerability is referenced as CVE-2026-40353. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-35402 | neo4j-contrib mcp-neo4j up to 0.5.x APOC CALL read_only access control (GHSA-x3cv-r3g3-fpg9 / EUVD-2026-23518)

VulDB Recent Entries
1 week 5 days ago
A vulnerability identified as critical has been detected in neo4j-contrib mcp-neo4j up to 0.5.x. This affects the function read_only of the component APOC CALL Handler. This manipulation causes improper access controls. The identification of this vulnerability is CVE-2026-35402. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-29013 | libcoap up to 4.3.5a CBOR Parser src/oscore/oscore_cbor.c get_byte_inc out-of-bounds (EUVD-2026-23535)

VulDB Recent Entries
1 week 5 days ago
A vulnerability categorized as problematic has been discovered in libcoap up to 4.3.5a. Affected by this issue is the function get_byte_inc of the file src/oscore/oscore_cbor.c of the component CBOR Parser. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2026-29013. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

Managed ad