Aggregator

CVE-2026-46391 | haxtheweb open-apis up to 25.x permissive list of allowed inputs (GHSA-4fg7-f244-3j49)

VulDB Recent Entries
2 weeks ago
A vulnerability classified as problematic was found in haxtheweb open-apis up to 25.x. Affected by this vulnerability is an unknown functionality. Such manipulation leads to permissive list of allowed inputs. This vulnerability is traded as CVE-2026-46391. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-45777 | ubccr xdmod up to 11.0.2 System Configuration os command injection (GHSA-29qm-7w4v-43fw)

VulDB Recent Entries
2 weeks ago
A vulnerability classified as critical has been found in ubccr xdmod up to 11.0.2. Affected is an unknown function of the component System Configuration Handler. This manipulation causes os command injection. This vulnerability appears as CVE-2026-45777. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-45776 | ubccr xdmod up to 11.0.2 HTTPS access control (GHSA-3hfh-m242-8rmh)

VulDB Recent Entries
2 weeks ago
A vulnerability labeled as critical has been found in ubccr xdmod up to 11.0.2. The impacted element is an unknown function of the component HTTPS Handler. Executing a manipulation can lead to improper access controls. This vulnerability is registered as CVE-2026-45776. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-46398 | haxtheweb haxcms-php up to 25.x missing secure attribute (GHSA-g7v2-r32q-jf5v)

VulDB Recent Entries
2 weeks ago
A vulnerability identified as problematic has been detected in haxtheweb haxcms-php up to 25.x. The affected element is an unknown function. Performing a manipulation results in sensitive cookie without secure attribute. This vulnerability is cataloged as CVE-2026-46398. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-46399 | haxtheweb haxcms-nodejs/haxcms-php up to 25.x external control of setting (GHSA-q759-vxg8-vq5j)

VulDB Recent Entries
2 weeks ago
A vulnerability categorized as critical has been discovered in haxtheweb haxcms-nodejs and haxcms-php up to 25.x. Impacted is an unknown function. Such manipulation leads to external control of system or configuration setting. This vulnerability is listed as CVE-2026-46399. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-46395 | haxtheweb haxcms-nodejs up to 25.x PHP Backend hmacBase64 key information disclosure (GHSA-6c8g-9hfh-pq5h)

VulDB Recent Entries
2 weeks ago
A vulnerability was found in haxtheweb haxcms-nodejs up to 25.x. It has been rated as problematic. This issue affects the function hmacBase64 of the component PHP Backend. This manipulation of the argument key causes information disclosure. This vulnerability is tracked as CVE-2026-46395. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-11401 | Amazon AWS Advanced Go Wrapper up to 2026-05-26 GlobalDatabasePlugin untrusted search path (GHSA-r236-5pc3-3qcp)

VulDB Recent Entries
2 weeks ago
A vulnerability was found in Amazon AWS Advanced Go Wrapper up to 2026-05-26. It has been classified as problematic. This affects an unknown part of the component GlobalDatabasePlugin. The manipulation leads to untrusted search path. This vulnerability is referenced as CVE-2026-11401. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-11400 | Amazon AWS Advanced JDBC Wrapper up to 4.0.0 GlobalDatabasePlugin untrusted search path

VulDB Recent Entries
2 weeks ago
A vulnerability was found in Amazon AWS Advanced JDBC Wrapper up to 4.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component GlobalDatabasePlugin. Executing a manipulation can lead to untrusted search path. The identification of this vulnerability is CVE-2026-11400. The attack can only be executed locally. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-46400 | haxtheweb haxcms-php up to 24.x File Content unrestricted upload (GHSA-ffxv-9qv2-v2v8)

VulDB Recent Entries
2 weeks ago
A vulnerability has been found in haxtheweb haxcms-php up to 24.x and classified as critical. Affected by this vulnerability is an unknown functionality of the component File Content Handler. Performing a manipulation results in unrestricted upload. This vulnerability was named CVE-2026-46400. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
vuldb.com

Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser

Cyber Security News
2 weeks ago

A deceptive Python package quietly made its way into the PyPI repository, putting thousands of developers at risk before it was caught and removed. The package, named “parsimonius,” was crafted to look almost identical to the widely used “parsimonious” library, a popular Python tool for building expression grammar parsers. The single missing letter was no […]

The post Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser appeared first on Cyber Security News.

Tushar Subhra Dutta

Hackers are Increasingly Weaponizing Trusted Tools to Deploy Notorious Malware

Cyber Security News
2 weeks ago

Cybercriminals have found a clever and dangerous new way to slip past defenses. Instead of building custom attack tools that security software can flag, they are turning everyday system utilities into weapons. This shift is reshaping how attacks unfold, and the numbers are hard to ignore. According to ANY.RUN’s Q1 2026 Cyber Risk Report, based […]

The post Hackers are Increasingly Weaponizing Trusted Tools to Deploy Notorious Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

New Magecart Attack Turns Stripe into a Malware Command Server

Cyber Security News
2 weeks ago

A new form of credit card skimming malware has been discovered hiding inside one of the most trusted payment platforms on the internet. Researchers have found a Magecart attack that uses Stripe, the widely used online payment service, as both its command center and its data dump. Instead of pointing stolen card data to a […]

The post New Magecart Attack Turns Stripe into a Malware Command Server appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad