Aggregator

A vulnerability identified as critical has been detected in Sonatype Nexus up to 2.7.1. The affected element is an unknown function of the component User Account. Performing a manipulation results in Remote Code Execution. This vulnerability is identified as CVE-2014-2034. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in Schneider Electric Unity Pro up to 6.0. The impacted element is an unknown function of the file ModbusDrv.exe of the component Serial Driver. Executing a manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2013-0662. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as problematic has been found in Oracle Database up to 4.2.5. The affected element is an unknown function of the component Application Express. This manipulation causes improper access controls. This vulnerability appears as CVE-2014-0050. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Endeca Information Discovery Studio 2.2.2/2.3/2.4/3.0/3.1 and classified as problematic. Impacted is an unknown function. Performing a manipulation results in improper access controls. This vulnerability is known as CVE-2014-0050. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The affected component should be upgraded.

A vulnerability classified as critical was found in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. This vulnerability was named CVE-2026-8211. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2026-8210. Local access is required to approach this attack. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #804293 / VDB-362419

Submit #803594 / VDB-362418

A highly sophisticated Brazilian banking trojan named TCLBANKER, tracked under the campaign REF3076, this malware represents a major update to the older Maverick and SORVEPOTEL families. It stands out because it uses a fake, signed Logitech installer to infect systems and spreads automatically via WhatsApp and Microsoft Outlook. The attack begins when a user downloads […]

The post TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules appeared first on Cyber Security News.

Видеокарты нового поколения сделали массовый взлом дешевле.

往期推荐：2026年国际AI安全报告（五）3.3.技术保障和监控在AI开发和使用的不同阶段，企业会采用各种技

AI虽然能显著提升安全运营中心（SOC）的效率，但不能弥补其根本性缺陷，更不能替代人类分析师的专业判断。

Hacktron的首席技术官使用Opus 4.6完成了针对Chrome浏览器V8 JS引擎的漏洞利用。

奇安信威胁情报中心监测到，攻击者趁着DeepSeek TUI项目热度上升，开始混水摸鱼，在Github上构造仿冒仓库，投递恶意软件。

A vulnerability described as critical has been identified in labring FastGPT up to 4.14.16. Affected is the function fetchData of the component HTTP Request Handler. Executing a manipulation can lead to server-side request forgery. This vulnerability is handled as CVE-2026-44286. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Emlog up to 2.6.10. This impacts an unknown function. Performing a manipulation results in cross-site request forgery. This vulnerability is known as CVE-2026-42286. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in labring FastGPT up to 4.14.16. This affects an unknown function of the component URL Handler. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-44284. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in anzory SolidCAM-GPPL-IDE up to 1.0.1. The impacted element is an unknown function of the component VMID Parser. This manipulation causes resource consumption. This vulnerability appears as CVE-2026-42212. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in roadiz core-bundle-dev-app up to 2.3.42/2.5.44/2.6.30/2.7.17. The affected element is the function OAuth2LinkGenerator::generate. The manipulation results in insufficient verification of data authenticity. This vulnerability is reported as CVE-2026-42206. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Syslifters sysreptor 2024.40/2025.83/2025.102/2026.27. It has been rated as critical. Impacted is an unknown function of the file /admin. The manipulation leads to improper privilege management. This vulnerability is documented as CVE-2026-44987. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.