DragonForce
You must login to view this content
Aggregator
CVE-2026-33312 | vikunja up to 2.1.x background authorization (GHSA-564f-wx8x-878h / EUVD-2026-13708)
1 week ago
A vulnerability, which was classified as problematic, was found in vikunja up to 2.1.x. Affected by this vulnerability is an unknown functionality of the file /api/v1/projects/:project/background. Such manipulation leads to incorrect authorization.
This vulnerability is listed as CVE-2026-33312. The attack may be performed from remote. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2026-29794 | vikunja up to 2.1.x Header X-Forwarded-For reliance on untrusted inputs in a security decision (GHSA-m547-hp4w-j6jx / EUVD-2026-13706)
1 week ago
A vulnerability, which was classified as problematic, has been found in vikunja up to 2.1.x. Affected is an unknown function of the component Header Handler. This manipulation of the argument X-Forwarded-For causes reliance on untrusted inputs in a security decision.
This vulnerability is tracked as CVE-2026-29794. The attack is possible to be carried out remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-22172 | OpenClaw up to 2026.3.11 WebSocket Connect Path authorization (GHSA-rqpp-rjj8-7wv8 / EUVD-2026-13704)
1 week ago
A vulnerability classified as critical was found in OpenClaw up to 2026.3.11. This impacts an unknown function of the component WebSocket Connect Path Handler. The manipulation results in missing authorization.
This vulnerability is identified as CVE-2026-22172. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
Ubiquiti defect poses account takeover risk for UniFi Networking Application users
1 week ago
The maximum-severity vulnerability, which hasn’t been exploited in the wild yet, affects software customers use to manage networking devices.
The post Ubiquiti defect poses account takeover risk for UniFi Networking Application users appeared first on CyberScoop.
Matt Kapko
Qilin
1 week ago
You must login to view this content
cohenido
Радиосвязь — ахиллесова пята дронов: почему без стабильного канала самый умный робот превращается в груду железа
1 week ago
Чем умнее машина, тем критичнее для неё каждая миллисекунда задержки сигнала.
SecWiki News 2026-03-20 Review
1 week ago
算法战争:从美以对伊行动,看AI+情报的绝对价值 by ourren
Dr. Claw: 面向科研全流程的通用 AI 研究助手 by ourren
2025太空安全报告 by ourren
从AIIDE的架构演进,洞察AI工程化的设计逻辑 by ourren
Learn Claude Code -- 真正的 Agent Harness 工程 by ourren
ground-station:开源一站式卫星追踪与信号本地解码工具包 by ourren
更多最新文章,请访问SecWiki
Dr. Claw: 面向科研全流程的通用 AI 研究助手 by ourren
2025太空安全报告 by ourren
从AIIDE的架构演进,洞察AI工程化的设计逻辑 by ourren
Learn Claude Code -- 真正的 Agent Harness 工程 by ourren
ground-station:开源一站式卫星追踪与信号本地解码工具包 by ourren
更多最新文章,请访问SecWiki
Windows 11 March Update Breaks Microsoft Teams and OneDrive Sign-Ins
1 week ago
Microsoft has acknowledged a significant bug introduced by its March 2026 cumulative update that is preventing users from signing into Microsoft Teams Free, OneDrive, and several other Microsoft applications on Windows 11 devices. The issue, tied to the KB5079473 update released on March 10, 2026, has left affected users locked out of their accounts despite […]
The post Windows 11 March Update Breaks Microsoft Teams and OneDrive Sign-Ins appeared first on Cyber Security News.
Guru Baran
Weekly Threat Landscape Digest – Week 12
1 week ago
This week’s threat landscape highlights the evolving sophistication of threat actors, who are increasingly targeting newly disclosed and unpatched vulnerabilities. […]
The post Weekly Threat Landscape Digest – Week 12 appeared first on HawkEye.
Ben O
ENIAC 诞生八十周年
1 week ago
世界第一台通用计算机 ENIAC(代表 Electronic Numerical Integrator And Computer 或电子数值积分计算机) 诞生八十周年。1946 年 2 月 15 日宾夕法尼亚大学 Moore 电气工程学院研发的 ENIAC 首次公开亮相。以今天的标准,ENIAC 相当原始,但其纯电子设计和可编程性在当时是计算机领域的突破性进展。ENIAC 使高速通用计算成为可能,为现代计算机奠定了基础。过去八十年,计算机领域已发展成为一个庞然大物、成为现代经济增长的引擎。ENIAC 最初是为美国陆军加速计算火炮的火力表而研发的,包含了 17468 个电子管,由 80 台鼓风机进行冷却,重达 27 吨(30 美吨),耗电量相当于一个小镇,它于 1955 年 10 月 2 日运行九年后退役。
Oracle security advisory (AV26-261)
1 week ago
Canadian Centre for Cyber Security
Минцифры составило список "избранных" сайтов. Депутаты спросили: кто выбирал и по каким правилам?
1 week ago
КПРФ потребовала объяснить логику белых списков.
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
1 week ago
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities.
The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution.
"The POST /api/v1
The Hacker News
CISA orders feds to patch max-severity Cisco flaw by Sunday
1 week ago
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. [...]
Bill Toulas
Hackers Compromised 7,500+ Magento Websites to Upload Hidden Malicious Files and Steal Data
1 week ago
A sweeping cyberattack campaign has compromised more than 7,500 Magento-powered e-commerce websites since late February 2026, with attackers uploading hidden malicious files into publicly accessible web directories across thousands of domains. The attack has spread to over 15,000 hostnames, affecting commercial brands, government agencies, universities, and non-profit organizations spanning multiple countries, making it one of […]
The post Hackers Compromised 7,500+ Magento Websites to Upload Hidden Malicious Files and Steal Data appeared first on Cyber Security News.
Tushar Subhra Dutta
2268 кг бомба пробивает бетон, уходит вглубь и взрывается внутри — США применили GBU-72 против Ирана
1 week ago
Это самая мощная из авиационных проникающих бомб в арсенале страны.
Chainguard Assemble 2026 and the Security Factory Mindset
1 week ago
From golden images to agent governance, Chainguard Assemble 2026 focused on how teams can reduce risk by embedding trust, compliance, and security into delivery systems.
The post Chainguard Assemble 2026 and the Security Factory Mindset appeared first on Security Boulevard.
Dwayne McDaniel
BSidesSLC 2025 – Getting Things Fixed – Keynote On Security Wins (And Fails)
1 week ago
Author, Creator & Presenter: Scott Piper - Principal Cloud Security Researcher at Wiz
Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.
The post BSidesSLC 2025 – Getting Things Fixed – Keynote On Security Wins (And Fails) appeared first on Security Boulevard.
Marc Handelman
arXiv 的独立之路
1 week ago
预印本平台 arXiv.org 将于 7 月 1 日脱离康奈尔大学成立独立的非营利性公司,它正在招募 CEO。过去两年因为 AI 以及 AI 相关领域的火热 arXiv 收到的投稿数量激增,员工人数也增长到 27 人,导致出现了运营赤字,康奈尔大学帮助支付了超支。但 arXiv 在资金需求上与康奈尔内部项目存在竞争,而它在寻求赞助时对方会担心通过康奈尔捐赠的资金无法直接用于 arXiv 项目,成立独立机构就是为了解决该问题。此举有助于 arXiv 从更多的捐赠者手中直接筹集到用于该平台的资金,也有助于它解决投稿中的 AI slop 问题。分拆和独立运营是 arXiv 创始人、物理学家 Paul Ginsparg 最早提出的,Ginsparg 一直想退出和退休,独立运营也有助于他彻底放手。