A vulnerability, which was classified as critical, has been found in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in OS command injection.
This vulnerability was named CVE-2026-8217. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2026-8216. The attack can be launched remotely. No exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical has been found in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal.
This vulnerability is handled as CVE-2026-8215. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability described as problematic has been identified in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication.
This vulnerability is known as CVE-2026-8214. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.
The list of vulnerabilities is as follows -
CVE-2026-29201 (CVSS score: 4.3) - An insufficient input validation of the feature file name in the "feature::LOADFEATUREFILE" adminbin call that could result
A vulnerability marked as critical has been reported in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow.
This vulnerability is tracked as CVE-2026-8213. The attack must be carried out locally. Furthermore, there is an exploit available.
It is suggested to upgrade the affected component.
A vulnerability labeled as critical has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow.
This vulnerability appears as CVE-2026-8212. The attack requires local access. In addition, an exploit is available.
The affected component should be upgraded.
A vulnerability identified as problematic has been detected in Pillow up to 12.1.x. Affected is an unknown function. Performing a manipulation results in integer overflow.
This vulnerability is reported as CVE-2026-42308. The attack requires local access. No exploit exists.
You should upgrade the affected component.