Aggregator

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Hackers News
2 weeks ago
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an
The Hacker News

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The Hackers News
2 weeks ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was
The Hacker News

CVE-2026-10705 | dask up to 3.0 HLL hyperloglog.py nunique_approx resource consumption (Issue 12403 / EUVD-2026-34064)

VulDB Recent Entries
2 weeks ago
A vulnerability classified as problematic has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. This vulnerability is tracked as CVE-2026-10705. The attack is possible to be carried out remotely. No exploit exists. The pull request to fix this issue awaits acceptance.
vuldb.com

CVE-2026-10704 | SourceCodester Pizzafy E-Commerce System 1.0 Administrative Control Panel admin_class_novo.php login Username sql injection (EUVD-2026-34063)

VulDB Recent Entries
2 weeks ago
A vulnerability described as critical has been identified in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. This vulnerability is identified as CVE-2026-10704. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-10703 | EIPStackGroup OpENer up to 2.3.0 SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free (Issue 566 / EUVD-2026-34062)

VulDB Recent Entries
2 weeks ago
A vulnerability marked as critical has been reported in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. This vulnerability is referenced as CVE-2026-10703. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Managed ad