Aggregator

A vulnerability was found in ImageMagick up to 6.9.13-45/7.1.2-20. It has been declared as critical. Impacted is an unknown function of the component MIFF File Handler. Such manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2026-42050. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in HAARG HTTP::Tiny up to 0.092 on Perl. The affected element is an unknown function of the component HTTP Request Handler. Performing a manipulation of the argument Host results in http response splitting. This vulnerability is reported as CVE-2026-7010. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in NVIDIA GeForce, RTX, Quadro, NVS, Tesla and Virtual GPU Manager on Linux. It has been rated as critical. The impacted element is an unknown function of the component Display Driver. Performing a manipulation results in incorrect conversion between numeric types. This vulnerability is reported as CVE-2026-24192. The attack requires a local approach. No exploit exists.

A vulnerability categorized as critical has been discovered in NVIDIA GeForce, RTX, Quadro, NVS and Tesla on Windows/Linux. This affects an unknown function of the component Display Driver. Executing a manipulation can lead to out-of-bounds write. This vulnerability appears as CVE-2026-24193. The attack requires local access. There is no available exploit.

A vulnerability classified as critical has been found in NVIDIA GeForce, RTX, Quadro, NVS, Tesla, Guest driver and Virtual GPU Manager on Windows. This affects an unknown part of the component Display Driver. Performing a manipulation results in time-of-check time-of-use. This vulnerability was named CVE-2026-24191. The attack needs to be approached locally. There is no available exploit.

A vulnerability was found in NVIDIA GeForce, RTX, Quadro, NVS, Tesla, Guest driver and Virtual GPU Manager on Windows/Linux. It has been classified as critical. This affects an unknown function of the component Display Driver. Performing a manipulation results in improper locking. This vulnerability is cataloged as CVE-2026-24182. The attack must be initiated from a local position. There is no exploit available.

A vulnerability categorized as critical has been discovered in NVIDIA GeForce, RTX, Quadro, NVS and Tesla on Windows/Linux. Impacted is an unknown function of the component Kernel Mode. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-24190. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in NVIDIA GeForce, RTX, Quadro, NVS, Tesla, Guest driver and Virtual GPU Manager on Linux. It has been declared as critical. The affected element is an unknown function. Such manipulation leads to use after free. This vulnerability is documented as CVE-2026-24187. The attack needs to be performed locally. There is not any exploit available.

A vulnerability marked as very critical has been reported in Eppendorf BioFlo 320. This vulnerability affects unknown code. Performing a manipulation results in use of hard-coded password. This vulnerability is known as CVE-2026-7251. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical has been found in Autodesk 3ds Max up to 2026.0/2027.0. This affects an unknown function of the component WRL File Handler. This manipulation causes uncontrolled recursion. This vulnerability is handled as CVE-2026-7453. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in IBM webMethods Integration Server. The affected element is an unknown function. Such manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2025-14290. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in NVIDIA Merlin Transformers4Rec on Linux. The impacted element is an unknown function. Performing a manipulation results in deserialization. This vulnerability is identified as CVE-2026-24162. The attack is only possible with local access. There is not any exploit available.

A vulnerability marked as problematic has been reported in FastNetMon Community Edition up to 1.2.9. Affected by this vulnerability is the function append_dynamic_buffer/append_data_as_pointer/append_data_as_object_ptr/memcpy_from_ptr/memcpy_from_object_ptr of the file src/dynamic_binary_buffer.hpp. This manipulation causes off-by-one. This vulnerability is handled as CVE-2026-48689. The attack can only be done within the local network. There is not any exploit available.

A vulnerability described as critical has been identified in Autodesk 3ds Max up to 2026.0/2027.0. This issue affects some unknown processing of the component PAR File Handler. Executing a manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2026-7450. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in xwiki xwiki-platform up to 16.10.16/17.4.8/17.10.2/18.0.x. It has been classified as critical. The impacted element is an unknown function of the file /wikis/ of the component API. The manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-33137. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in CryptPad up to 2026.2.0. Affected is the function sanitizer of the file Diffmarked.js of the component srcdoc Handler. Performing a manipulation of the argument src results in basic cross site scripting. This vulnerability is known as CVE-2026-26028. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]

Журналы тонут в фейковых исследованиях. И виноват тот, на кого все возлагали надежды.

A vulnerability was found in IBM HTTP Server 8.5/9.0 and classified as problematic. This issue affects some unknown processing. The manipulation results in untrusted pointer dereference. This vulnerability is cataloged as CVE-2026-8835. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in GPAC up to 2.4.0 and classified as problematic. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-9567. The attack needs to be approached locally. In addition, an exploit is available. It is advisable to implement a patch to correct this issue.