Aggregator

CVE-2026-44052 | Netatalk up to 4.4.2 LDAP log file (Nessus ID 315215)

Vuldb Updates
4 weeks 2 days ago
A vulnerability was found in Netatalk up to 4.4.2. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component LDAP. Performing a manipulation results in sensitive information in log files. This vulnerability is identified as CVE-2026-44052. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-44054 | Netatalk up to 4.4.2 afpd Session Token random values (Nessus ID 315215)

Vuldb Updates
4 weeks 2 days ago
A vulnerability was found in Netatalk up to 4.4.2. It has been rated as problematic. This affects an unknown part of the component afpd Session Token Handler. The manipulation leads to insufficiently random values. This vulnerability is listed as CVE-2026-44054. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

The 1 A.M. Cloud Migration Meltdown

Netscout
4 weeks 2 days ago
A lead architect for a global bank sits in a dark office at 1:00 a.m. Two hours ago, her team finished a final migration cutover, moving the bank’s core lending application from on-premises servers to a multicloud environment. On paper, everything checked out. Now her phone won’t stop vibrating. Severity-1 automated...
Anthony Cote

CVE-2026-8485 | Progress MOVEit Automation up to 2025.0.10/2025.1.6 memory allocation

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability was found in Progress MOVEit Automation up to 2025.0.10/2025.1.6. It has been classified as problematic. The affected element is an unknown function. Performing a manipulation results in uncontrolled memory allocation. This vulnerability is reported as CVE-2026-8485. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

The Hackers News
4 weeks 2 days ago
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme
The Hacker News

CVE-2026-47068 | phenixdigital phoenix_storybook up to 1.0.x Control Message component_iframe_live.ex Query authorization

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability was found in phenixdigital phoenix_storybook up to 1.0.x and classified as critical. Impacted is an unknown function in the library lib/phoenix_storybook/live/story/component_iframe_live.ex of the component Control Message Handler. Such manipulation of the argument Query leads to authorization bypass. This vulnerability is documented as CVE-2026-47068. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-8469 | phenixdigital phoenix_storybook up to 1.0.x attr allocation of resources

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability, which was classified as problematic, was found in phenixdigital phoenix_storybook up to 1.0.x. This vulnerability affects unknown code. The manipulation of the argument attr results in allocation of resources. This vulnerability is cataloged as CVE-2026-8469. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-8467 | phenixdigital phoenix_storybook up to 1.0.x Template String code injection

VulDB Recent Entries
4 weeks 2 days ago
A vulnerability, which was classified as critical, has been found in phenixdigital phoenix_storybook up to 1.0.x. This affects an unknown part of the component Template String Handler. The manipulation leads to code injection. This vulnerability is listed as CVE-2026-8467. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

Webworm APT targets European government organizations with new backdoors

Help Net Security
4 weeks 2 days ago

ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations into Europe. ESET observed Webworm targeting government organizations in Belgium, Italy, Poland, Serbia, and Spain during 2025. The group also expanded its activity into South Africa, where researchers identified activity involving a local university. Discord … More →

The post Webworm APT targets European government organizations with new backdoors appeared first on Help Net Security.

Anamarija Pogorelec

CVE-2026-32244 | Discourse up to 2026.1.3/2026.3.0/2026.4.0 cache containing sensitive information (GHSA-hjmg-2mww-vfvx / CNNVD-202605-4266)

Vuldb Updates
4 weeks 2 days ago
A vulnerability was found in Discourse up to 2026.1.3/2026.3.0/2026.4.0 and classified as problematic. This issue affects some unknown processing. Executing a manipulation can lead to use of cache containing sensitive information. This vulnerability is tracked as CVE-2026-32244. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-32312 | glpi-project glpi up to 11.0.6 authorization (GHSA-cg63-qchq-q626 / CNNVD-202605-4267)

Vuldb Updates
4 weeks 2 days ago
A vulnerability categorized as problematic has been discovered in glpi-project glpi up to 11.0.6. This affects an unknown function. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-32312. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-45585 | Microsoft Windows 11 24H2/11 25H2/11 26H1/Server 2025 YellowKey command injection (WID-SEC-2026-1609 / CNNVD-202605-4268)

Vuldb Updates
4 weeks 2 days ago
A vulnerability categorized as critical has been discovered in Microsoft Windows 11 24H2/11 25H2/11 26H1/Server 2025. Affected by this issue is some unknown functionality. Executing a manipulation can lead to command injection. This vulnerability is registered as CVE-2026-45585. The physical device can be targeted for the attack. Furthermore, an exploit is available. It is best practice to apply a patch to resolve this issue.
vuldb.com

On AI Security

不安全
4 weeks 2 days ago
Good report:Executive Summary: Let’s say you wanted to make sure that your AI is secure.

Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware

Cyber Security News
4 weeks 2 days ago

Grafana Labs has disclosed a targeted ransomware-linked breach of its GitHub environment, traced to a broader TanStack npm supply chain compromise associated with the “Mini Shai-Hulud” campaign. The incident, detected on May 11, 2026, involved unauthorized access to internal repositories and culminated in a ransom demand issued on May 16 under threat of data disclosure. […]

The post Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware appeared first on Cyber Security News.

Abinaya

Managed ad