DragonForce
You must login to view this content
Aggregator
CVE-2026-32989 | Precurio Intranet Portal 4.4 cross-site request forgery
1 week ago
A vulnerability was found in Precurio Intranet Portal 4.4. It has been classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery.
This vulnerability is documented as CVE-2026-32989. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-67260 | Terrapack TKServerCGI/TpkWebGIS Client unrestricted upload
1 week ago
A vulnerability was found in Terrapack TKServerCGI and TpkWebGIS Client and classified as critical. This affects an unknown part. Executing a manipulation can lead to unrestricted upload.
This vulnerability is registered as CVE-2025-67260. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
DragonForce
1 week ago
You must login to view this content
cohenido
CVE-2026-4519 | Python CPython up to 3.14.x API webbrowser.open (ID 143930 / EUVD-2026-13712)
1 week ago
A vulnerability has been found in Python CPython up to 3.14.x and classified as problematic. Affected by this issue is the function webbrowser.open of the component API. Performing a manipulation results in an unknown weakness.
This vulnerability is cataloged as CVE-2026-4519. The attack must be initiated from a local position. There is no exploit available.
The affected component should be upgraded.
vuldb.com
DragonForce
1 week ago
You must login to view this content
cohenido
CVE-2026-33312 | vikunja up to 2.1.x background authorization (GHSA-564f-wx8x-878h / EUVD-2026-13708)
1 week ago
A vulnerability, which was classified as problematic, was found in vikunja up to 2.1.x. Affected by this vulnerability is an unknown functionality of the file /api/v1/projects/:project/background. Such manipulation leads to incorrect authorization.
This vulnerability is listed as CVE-2026-33312. The attack may be performed from remote. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2026-29794 | vikunja up to 2.1.x Header X-Forwarded-For reliance on untrusted inputs in a security decision (GHSA-m547-hp4w-j6jx / EUVD-2026-13706)
1 week ago
A vulnerability, which was classified as problematic, has been found in vikunja up to 2.1.x. Affected is an unknown function of the component Header Handler. This manipulation of the argument X-Forwarded-For causes reliance on untrusted inputs in a security decision.
This vulnerability is tracked as CVE-2026-29794. The attack is possible to be carried out remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-22172 | OpenClaw up to 2026.3.11 WebSocket Connect Path authorization (GHSA-rqpp-rjj8-7wv8 / EUVD-2026-13704)
1 week ago
A vulnerability classified as critical was found in OpenClaw up to 2026.3.11. This impacts an unknown function of the component WebSocket Connect Path Handler. The manipulation results in missing authorization.
This vulnerability is identified as CVE-2026-22172. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
Ubiquiti defect poses account takeover risk for UniFi Networking Application users
1 week ago
The maximum-severity vulnerability, which hasn’t been exploited in the wild yet, affects software customers use to manage networking devices.
The post Ubiquiti defect poses account takeover risk for UniFi Networking Application users appeared first on CyberScoop.
Matt Kapko
Qilin
1 week ago
You must login to view this content
cohenido
Радиосвязь — ахиллесова пята дронов: почему без стабильного канала самый умный робот превращается в груду железа
1 week ago
Чем умнее машина, тем критичнее для неё каждая миллисекунда задержки сигнала.
SecWiki News 2026-03-20 Review
1 week ago
算法战争:从美以对伊行动,看AI+情报的绝对价值 by ourren
Dr. Claw: 面向科研全流程的通用 AI 研究助手 by ourren
2025太空安全报告 by ourren
从AIIDE的架构演进,洞察AI工程化的设计逻辑 by ourren
Learn Claude Code -- 真正的 Agent Harness 工程 by ourren
ground-station:开源一站式卫星追踪与信号本地解码工具包 by ourren
更多最新文章,请访问SecWiki
Dr. Claw: 面向科研全流程的通用 AI 研究助手 by ourren
2025太空安全报告 by ourren
从AIIDE的架构演进,洞察AI工程化的设计逻辑 by ourren
Learn Claude Code -- 真正的 Agent Harness 工程 by ourren
ground-station:开源一站式卫星追踪与信号本地解码工具包 by ourren
更多最新文章,请访问SecWiki
Windows 11 March Update Breaks Microsoft Teams and OneDrive Sign-Ins
1 week ago
Microsoft has acknowledged a significant bug introduced by its March 2026 cumulative update that is preventing users from signing into Microsoft Teams Free, OneDrive, and several other Microsoft applications on Windows 11 devices. The issue, tied to the KB5079473 update released on March 10, 2026, has left affected users locked out of their accounts despite […]
The post Windows 11 March Update Breaks Microsoft Teams and OneDrive Sign-Ins appeared first on Cyber Security News.
Guru Baran
Weekly Threat Landscape Digest – Week 12
1 week ago
This week’s threat landscape highlights the evolving sophistication of threat actors, who are increasingly targeting newly disclosed and unpatched vulnerabilities. […]
The post Weekly Threat Landscape Digest – Week 12 appeared first on HawkEye.
Ben O
ENIAC 诞生八十周年
1 week ago
世界第一台通用计算机 ENIAC(代表 Electronic Numerical Integrator And Computer 或电子数值积分计算机) 诞生八十周年。1946 年 2 月 15 日宾夕法尼亚大学 Moore 电气工程学院研发的 ENIAC 首次公开亮相。以今天的标准,ENIAC 相当原始,但其纯电子设计和可编程性在当时是计算机领域的突破性进展。ENIAC 使高速通用计算成为可能,为现代计算机奠定了基础。过去八十年,计算机领域已发展成为一个庞然大物、成为现代经济增长的引擎。ENIAC 最初是为美国陆军加速计算火炮的火力表而研发的,包含了 17468 个电子管,由 80 台鼓风机进行冷却,重达 27 吨(30 美吨),耗电量相当于一个小镇,它于 1955 年 10 月 2 日运行九年后退役。
Oracle security advisory (AV26-261)
1 week ago
Canadian Centre for Cyber Security
Минцифры составило список "избранных" сайтов. Депутаты спросили: кто выбирал и по каким правилам?
1 week ago
КПРФ потребовала объяснить логику белых списков.
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
1 week ago
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities.
The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution.
"The POST /api/v1
The Hacker News
CISA orders feds to patch max-severity Cisco flaw by Sunday
1 week ago
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. [...]
Bill Toulas