Aggregator

A vulnerability was found in WWBN AVideo up to 26.0. It has been declared as critical. This impacts the function isValidURLOrPath of the file /objects/aVideoEncoder.json.php of the component Endpoint. Such manipulation of the argument chunkFile leads to file inclusion. This vulnerability is documented as CVE-2026-33354. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in WWBN AVideo up to 26.0. It has been classified as critical. This affects the function isSSRFSafeURL of the file plugin/LiveLinks/proxy.php of the component IPv6 Address Handler. This manipulation causes server-side request forgery. This vulnerability is registered as CVE-2026-33480. Remote exploitation of the attack is possible. No exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in WWBN AVideo up to 26.0 and classified as critical. The impacted element is the function sanitizeFFmpegCommand of the file plugin/API/standAlone/functions.php. The manipulation results in os command injection. This vulnerability is cataloged as CVE-2026-33482. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in WWBN AVideo up to 26.0 and classified as problematic. The affected element is an unknown function of the file aVideoEncoderChunk.json.php. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-33483. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group called Nasir Security, presumably associated with Iran, that is targeting energy organizations in the Middle East. The energy sector is one of the most impacted areas because of the […]

Как ограничения сигнала случайно озолотили московский общепит.

A vulnerability, which was classified as problematic, was found in Pixarra Luminance Studio 2.17. Impacted is an unknown function of the component Keyboard Interface. Executing a manipulation can lead to improper restriction of names for files and other resources. This vulnerability is tracked as CVE-2019-25623. The attack is restricted to local execution. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, has been found in Pixarra Paint Studio 2.17. This issue affects some unknown processing. Performing a manipulation results in improper validation of specified index, position, or offset in input. This vulnerability is identified as CVE-2019-25622. The attack is only possible with local access. Additionally, an exploit exists.

A vulnerability classified as problematic was found in Pixarra Pixel Studio 2.17. This vulnerability affects unknown code of the component Keyboard Interface. Such manipulation leads to reliance on untrusted inputs in a security decision. This vulnerability is referenced as CVE-2019-25621. The attack can only be performed from a local environment. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in Pixarra Tree Studio 2.17. This affects an unknown part of the component Keyboard Interface. This manipulation causes improper handling of inconsistent special elements. The identification of this vulnerability is CVE-2019-25620. The attack can only be executed locally. Furthermore, there is an exploit available.

A vulnerability described as problematic has been identified in Fastify up to 5.8.2. Affected by this issue is the function request.protocol/request.host. The manipulation of the argument X-Forwarded-Proto/X-Forwarded-Host results in use of less trusted source. This vulnerability was named CVE-2026-3635. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in antchfx xpath. Affected by this vulnerability is an unknown functionality of the component Boolean XPath Expression Handler. The manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2026-4645. The attack is possible to be carried out remotely. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability labeled as critical has been found in WWBN AVideo up to 25.x. Affected is the function file_get_contents of the file plugin/Live/standAloneFiles/saveDVR.json.php. Executing a manipulation of the argument webSiteRootURL can lead to server-side request forgery. This vulnerability is handled as CVE-2026-33351. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in WWBN AVideo up to 25.x. This impacts an unknown function of the file setPassword.json.php. Performing a manipulation of the argument Password results in authorization bypass. This vulnerability is known as CVE-2026-33297. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in GNU Biutils. This affects an unknown function of the component BFD Library. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2026-4647. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in WWBN AVideo up to 25.x. It has been rated as critical. The impacted element is the function getAllCategories of the file objects/category.php of the component Request Parameter Handler. This manipulation causes sql injection. This vulnerability appears as CVE-2026-33352. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Android 安全加固版 GrapheneOS 通过其社交媒体账号宣布它不会遵守新出台的年龄验证法律，这些法律要求操作系统在设置时收集用户年龄数据。GrapheneOS 强调它不会要求用户提供个人信息、身份证明或注册账户，如果搭载 GrapheneOS 的设备因当地法律法规限制无法在特定地区销售，它会接受。GrapheneOS 目前只支持 Google Pixel 系列智能手机，本月初与联想旗下的摩托罗拉宣布了合作，预计会在 2027 年推出支持 GrapheneOS 的智能手机。目前美国加州和科罗拉多州，以及巴西制定了法律要求操作系统验证用户年龄。其中巴西的法律 Digital ECA (Law 15.211)于 3 月 17 日生效，它规定违反者将面临最高 950 万美元罚款。GrapheneOS 不是唯一一个拒绝遵守年龄验证法律的操作系统项目。开源计算器固件项目 DB48X 开发者声明永远不会实施年龄验证；MidnightBSD 项目更新了许可证，禁止巴西用户使用。