Aggregator
6 миллиардов на Wi-Fi. Отключение интернета в Москве внезапно обогатило рестораторов
1 day 5 hours ago
Как ограничения сигнала случайно озолотили московский общепит.
CVE-2019-25623 | Pixarra Luminance Studio 2.17 Keyboard Interface improper restriction of names for files and other resources (Exploit 46130 / EDB-46130)
1 day 5 hours ago
A vulnerability, which was classified as problematic, was found in Pixarra Luminance Studio 2.17. Impacted is an unknown function of the component Keyboard Interface. Executing a manipulation can lead to improper restriction of names for files and other resources.
This vulnerability is tracked as CVE-2019-25623. The attack is restricted to local execution. Moreover, an exploit is present.
vuldb.com
CVE-2019-25622 | Pixarra Paint Studio 2.17 improper validation of specified index, position, or offset in input (Exploit 46126 / EDB-46126)
1 day 5 hours ago
A vulnerability, which was classified as problematic, has been found in Pixarra Paint Studio 2.17. This issue affects some unknown processing. Performing a manipulation results in improper validation of specified index, position, or offset in input.
This vulnerability is identified as CVE-2019-25622. The attack is only possible with local access. Additionally, an exploit exists.
vuldb.com
CVE-2019-25621 | Pixarra Pixel Studio 2.17 Keyboard Interface reliance on untrusted inputs in a security decision (Exploit 46127 / EDB-46127)
1 day 5 hours ago
A vulnerability classified as problematic was found in Pixarra Pixel Studio 2.17. This vulnerability affects unknown code of the component Keyboard Interface. Such manipulation leads to reliance on untrusted inputs in a security decision.
This vulnerability is referenced as CVE-2019-25621. The attack can only be performed from a local environment. Furthermore, an exploit is available.
vuldb.com
CVE-2019-25620 | Pixarra Tree Studio 2.17 Keyboard Interface inconsistent special elements (Exploit 46125 / EDB-46125)
1 day 5 hours ago
A vulnerability classified as problematic has been found in Pixarra Tree Studio 2.17. This affects an unknown part of the component Keyboard Interface. This manipulation causes improper handling of inconsistent special elements.
The identification of this vulnerability is CVE-2019-25620. The attack can only be executed locally. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-3635 | Fastify up to 5.8.2 request.protocol/request.host X-Forwarded-Proto/X-Forwarded-Host less trusted source (GHSA-444r-cwp2-x5xf)
1 day 5 hours ago
A vulnerability described as problematic has been identified in Fastify up to 5.8.2. Affected by this issue is the function request.protocol/request.host. The manipulation of the argument X-Forwarded-Proto/X-Forwarded-Host results in use of less trusted source.
This vulnerability was named CVE-2026-3635. The attack needs to be approached within the local network. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-4645 | antchfx xpath Boolean XPath Expression infinite loop (ID 121)
1 day 5 hours ago
A vulnerability marked as problematic has been reported in antchfx xpath. Affected by this vulnerability is an unknown functionality of the component Boolean XPath Expression Handler. The manipulation leads to infinite loop.
This vulnerability is uniquely identified as CVE-2026-4645. The attack is possible to be carried out remotely. No exploit exists.
Applying a patch is the recommended action to fix this issue.
vuldb.com
CVE-2026-33351 | WWBN AVideo up to 25.x saveDVR.json.php file_get_contents webSiteRootURL server-side request forgery (GHSA-5f7v-4f6g-74rj)
1 day 5 hours ago
A vulnerability labeled as critical has been found in WWBN AVideo up to 25.x. Affected is the function file_get_contents of the file plugin/Live/standAloneFiles/saveDVR.json.php. Executing a manipulation of the argument webSiteRootURL can lead to server-side request forgery.
This vulnerability is handled as CVE-2026-33351. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-33297 | WWBN AVideo up to 25.x setPassword.json.php Password authorization (GHSA-6547-8hrg-c55m)
1 day 5 hours ago
A vulnerability identified as problematic has been detected in WWBN AVideo up to 25.x. This impacts an unknown function of the file setPassword.json.php. Performing a manipulation of the argument Password results in authorization bypass.
This vulnerability is known as CVE-2026-33297. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2026-4647 | GNU Biutils BFD Library out-of-bounds
1 day 5 hours ago
A vulnerability categorized as problematic has been discovered in GNU Biutils. This affects an unknown function of the component BFD Library. Such manipulation leads to out-of-bounds read.
This vulnerability is traded as CVE-2026-4647. An attack has to be approached locally. There is no exploit available.
vuldb.com
CVE-2026-33352 | WWBN AVideo up to 25.x Request Parameter objects/category.php getAllCategories sql injection (GHSA-mcj5-6qr4-95fj)
1 day 5 hours ago
A vulnerability was found in WWBN AVideo up to 25.x. It has been rated as critical. The impacted element is the function getAllCategories of the file objects/category.php of the component Request Parameter Handler. This manipulation causes sql injection.
This vulnerability appears as CVE-2026-33352. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
Citrix security advisory (AV26-267)
1 day 5 hours ago
Canadian Centre for Cyber Security
GrapheneOS 拒绝年龄验证
1 day 5 hours ago
Android 安全加固版 GrapheneOS 通过其社交媒体账号宣布它不会遵守新出台的年龄验证法律,这些法律要求操作系统在设置时收集用户年龄数据。GrapheneOS 强调它不会要求用户提供个人信息、身份证明或注册账户,如果搭载 GrapheneOS 的设备因当地法律法规限制无法在特定地区销售,它会接受。GrapheneOS 目前只支持 Google Pixel 系列智能手机,本月初与联想旗下的摩托罗拉宣布了合作,预计会在 2027 年推出支持 GrapheneOS 的智能手机。目前美国加州和科罗拉多州,以及巴西制定了法律要求操作系统验证用户年龄。其中巴西的法律 Digital ECA (Law 15.211)于 3 月 17 日生效,它规定违反者将面临最高 950 万美元罚款。GrapheneOS 不是唯一一个拒绝遵守年龄验证法律的操作系统项目。开源计算器固件项目 DB48X 开发者声明永远不会实施年龄验证;MidnightBSD 项目更新了许可证,禁止巴西用户使用。
The devices winning the race to get hacked in 2026
1 day 5 hours ago
Enterprise networks keep adding connected devices, expanding the attack surface as threat actors target a wider range of systems, many of which are difficult to inventory, secure, and patch consistently. (Source: Forescout) Forescout’s 2026 Riskiest Devices research maps that shift in IT, IoT, OT, and IoMT environments, with 11 new riskiest asset types entering the list this year. That is the second-largest year-over-year increase on record, and two of the new entries moved straight into … More →
The post The devices winning the race to get hacked in 2026 appeared first on Help Net Security.
Sinisa Markovic
Top must-visit companies at RSAC 2026
1 day 5 hours ago
RSAC 2026 Conference is taking place at the Moscone Center in San Francisco March 23 – 26. With hundreds of booths, countless product demos, and nonstop buzz, navigating RSAC can be overwhelming. That’s why we’ve done the legwork to highlight the standout companies you won’t want to miss. Whether you’re looking for cutting-edge innovation, industry veterans with new offerings, or rising stars shaking things up, these exhibitors are bringing something special to the floor this … More →
The post Top must-visit companies at RSAC 2026 appeared first on Help Net Security.
Mirko Zorz
44 Aqua Security repositories defaced after Trivy supply chain breach
1 day 5 hours ago
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images. […]
Pierluigi Paganini
Red Hat security advisory (AV26-266)
1 day 5 hours ago
Canadian Centre for Cyber Security
Akira
1 day 5 hours ago
You must login to view this content
cohenido
The bizarre Cyber War over Kimwolf and Aisuru
1 day 5 hours ago
What happens when you take away cybercriminals’ most expensive toy? They get angry and attack. When courageous security researchers decided to paralyze over 500 command servers of the notorious IoT botnets Kimwolf and Aisuru, the hackers reacted promptly: They launched massive revenge attacks on the researchers, whose data packets were filled to the brim with […]
The post The bizarre Cyber War over Kimwolf and Aisuru appeared first on Link11.
Irina