Aggregator

Submit #808238 / VDB-362431

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows - CVE-2026-29201 (CVSS score: 4.3) - An insufficient input validation of the feature file name in the "feature::LOADFEATUREFILE" adminbin call that could result

A vulnerability marked as critical has been reported in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-8213. An attack has to be approached locally. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability appears as CVE-2026-8212. The attack requires local access. In addition, an exploit is available. The affected component should be upgraded.

Submit #808128 / VDB-362430

Submit #808127 / VDB-362429

Ученые предложили связать фундаментальные константы физики с возможностью существования биологии.

A vulnerability identified as problematic has been detected in Pillow up to 12.1.x. Affected is an unknown function. Performing a manipulation results in integer overflow. This vulnerability is reported as CVE-2026-42308. The attack requires a local approach. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in go-pkgz auth up to 1.25.1/2.1.1. This impacts an unknown function. Such manipulation leads to improper authentication. This vulnerability is documented as CVE-2026-42560. The attack needs to be performed locally. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in HCL BigFix WebUI. It has been rated as problematic. This affects an unknown function. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-15634. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Pillow up to 12.1.x. It has been declared as problematic. The impacted element is an unknown function of the component PDF Handler. The manipulation results in infinite loop. This vulnerability is cataloged as CVE-2026-42310. The attack must be initiated from a local position. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Pillow up to 12.1.x. It has been classified as critical. The affected element is an unknown function. The manipulation leads to heap-based buffer overflow. This vulnerability is listed as CVE-2026-42309. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in HCL BigFix WebUI and classified as problematic. Impacted is an unknown function of the component Configuration Handler. Executing a manipulation can lead to incorrect authorization. This vulnerability is tracked as CVE-2025-15633. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Open-WebUI 0.5.16/0.6.33 and classified as problematic. This issue affects some unknown processing of the component Model Description Handler. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-44721. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in yoda.digital gitlab-mcp-server. This vulnerability affects unknown code. Such manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is referenced as CVE-2026-44895. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in banks. This affects an unknown part of the component Jinja2 Handler. This manipulation causes improper neutralization of special elements used in a template engine. The identification of this vulnerability is CVE-2026-44209. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

悬挂荷兰国旗的豪华游轮 MV Hondius 于 2026 年 4 月 1 日从阿根廷 Ushuaia 启航，目前正在西非沿岸航行。游轮上爆发的汉坦病毒疫情引发了广泛关注，至今共报告了 8 个病例，有 3 人死亡，其余 147 名乘客和船员未出现症状。西班牙同意为这艘游轮提供援助，它目前正从佛得角航行西班牙的 Canary 岛。卫生官员和传染病专家试图消除公众的恐慌，强调船上的疫情对外界的风险很低，WHO 的 Maria Van Kerkhove 称，这不是新冠病毒，也不是流感，它的传播方式截然不同。美国 CDC 也声明称美国公众面临的风险极低。汉坦病毒是一个庞大的家族，有旧世界汉坦病毒，还有新大陆汉坦病毒，游轮上传播的是主要分布于阿根廷的 Andes 病毒（ANDV）。人类主要是通过接触啮齿动物的排泄物感染汉坦病毒，人与人传播非常罕见，而 ANDV 是唯一的例外。ANDV 的人际传播需要密切且长时间的接触，潜伏期约 7-42 天。目前建议对可能接触过病毒的病例进行 42 天的隔离或主动监测。

Submit #806910 / VDB-360562

Submit #806908 / VDB-231896

A vulnerability categorized as critical has been discovered in Raoul Proenca Gnew 2013.1. Impacted is an unknown function. Such manipulation of the argument user_email leads to sql injection. This vulnerability is referenced as CVE-2013-7349. It is possible to launch the attack remotely. Furthermore, an exploit is available.