Aggregator

A vulnerability was found in GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2. It has been declared as problematic. The impacted element is an unknown function of the component File Handler. The manipulation results in deserialization. This vulnerability is known as CVE-2026-1184. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.9.6/18.10.5/18.11.2. It has been rated as problematic. This affects the function read_api of the component Private Project Handler. This manipulation causes business logic errors. This vulnerability is handled as CVE-2026-1322. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A complete decoupling from US technology is neither realistic nor necessary, but the changing environment does require nations and companies to reassess their relationships and dependencies

Authorities in Austria said

Спор о приватности быстро вышел за рамки обычной политической дискуссии.

Poland shifts away from Signal following cyberattacks on officials’ accounts

Poland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for sensitive communications and move to a state-developed alternative. The decision follows repeated cyberattacks targeting Signal accounts belonging to politicians, military personnel, and public servants. Officials believe the campaigns […]

疯狂！

A vulnerability, which was classified as critical, has been found in Redis. This affects an unknown function of the component Codec Encoder. This manipulation causes crlf injection. This vulnerability is handled as CVE-2026-42586. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in netty netty-codec-mqtt up to 4.1.133.Final/4.2.13.Final. It has been classified as problematic. This issue affects the function decodeVariableHeader of the component Properties Section. This manipulation causes resource consumption. This vulnerability is tracked as CVE-2026-44248. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in Netty up to 1.0/1.1/4.1.133.Final/4.2.13.Final. The impacted element is an unknown function of the component HTTPObjectDecoder. Executing a manipulation can lead to http request smuggling. This vulnerability is registered as CVE-2026-42581. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in netty netty-codec-http up to 4.1.133.Final/4.2.13.Final. This impacts the function queue.poll. The manipulation results in http request smuggling. This vulnerability is reported as CVE-2026-42584. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in netty netty-codec-http up to 4.1.133.Final/4.2.13.Final. Affected is an unknown function. This manipulation causes http request smuggling. This vulnerability appears as CVE-2026-42585. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in MISP up to 2.5.36. Affected by this vulnerability is an unknown functionality. Executing a manipulation of the argument uuid can lead to improper input validation. This vulnerability appears as CVE-2026-44379. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in MISP up to 2.5.36 and classified as critical. This vulnerability affects unknown code. This manipulation causes sql injection. This vulnerability is handled as CVE-2026-44381. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in MISP up to 2.5.36. It has been declared as critical. The affected element is an unknown function. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-44380. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dataease SQLBot up to 1.7.x. It has been classified as critical. This affects an unknown function of the file /api/v1/datasource/exportDsSchema. The manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2026-42463. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability has been found in OPNsense up to 26.1.6 and classified as problematic. The affected element is the function lockout_handler of the component Username Handler. Performing a manipulation results in improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2026-44195. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.