Aggregator

CVE-2026-40363 | Microsoft Office up to LTSC 2024 heap-based overflow

Vuldb Updates
1 day 12 hours ago
A vulnerability, which was classified as critical, was found in Microsoft Office up to LTSC 2024. Affected by this vulnerability is an unknown functionality. Such manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2026-40363. The attack can be executed remotely. There is not any exploit available. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2026-35440 | Microsoft Word up to Word 2016 file access

Vuldb Updates
1 day 12 hours ago
A vulnerability identified as problematic has been detected in Microsoft Word 2019/365 Apps/LTSC 2021/LTSC 2024/Word 2016. This issue affects some unknown processing. This manipulation causes files or directories accessible. The identification of this vulnerability is CVE-2026-35440. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to install a patch to address this issue.
vuldb.com

Open WebUI Vulnerability via File Upload Leads to 1-Click RCE Attack

Cyber Security News
1 day 13 hours ago

A single click can allow attackers to exploit a critical, unpatched flaw in Open WebUI to seize control of AI workspaces, execute remote code, hijack accounts, and steal sensitive chat histories. Discovered by security researcher Metin Yunus Kandemir, the vulnerability stems from a Stored Cross-Site Scripting (XSS) flaw in the platform’s profile image upload feature. […]

The post Open WebUI Vulnerability via File Upload Leads to 1-Click RCE Attack appeared first on Cyber Security News.

Abinaya

Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager

Cyber Security News
1 day 13 hours ago

Ivanti has released its May 2026 Patch Tuesday security updates, disclosing vulnerabilities across four products while revealing that artificial intelligence tools are already helping its engineers uncover flaws that traditional scanners miss and warning that AI-driven discovery will likely accelerate future disclosure volumes. Ivanti Patches Multiple Vulnerabilities The company addressed vulnerabilities in four distinct products […]

The post Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager appeared first on Cyber Security News.

Guru Baran

No Blind Spots: How Top MSSPs Prevent Incidents withLive Threat Visibility

Cyber Security News
1 day 13 hours ago

Every incident that damages a client starts with a moment of invisibility: a connection the SIEM didn’t flag, a domain the detection rules didn’t know about, an IOC that was active for two days before any feed registered it. Top-performing MSSPs have learned that preventing incidents isn’t primarily a matter of analyst skill or tooling sophistication. It […]

The post No Blind Spots: How Top MSSPs Prevent Incidents withLive Threat Visibility appeared first on Cyber Security News.

Balaji N

Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Citizen Records From the Kuwaiti Government Identity Authority

Dark Web Informer - Cyber Threat Intelligence
1 day 13 hours ago
.dwi-post, .dwi-post * { font-family: 'Inter', -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; } .dwi-post { --dwi-card: rgba(127, 127, 127, 0.06); --dwi-border: rgba(127, 127, 127, 0.18); --dwi-muted: rgba(127, 127, 127, 0.85); --dwi-cyan: #38bdf8; --dwi-amber: #fbbf24; max-width: 680px; margin: 0 auto; font-size: 16px; line-height: 1.65; font-feature-settings:
Dark Web Informer

Managed ad