Aggregator

CVE-2026-4202 | Redirect Tabs Extension up to 2.1.1/3.1.6/4.0.4 on TYPO3 authorization

VulDB Recent Entries
2 weeks 1 day ago
A vulnerability, which was classified as problematic, has been found in Redirect Tabs Extension up to 2.1.1/3.1.6/4.0.4 on TYPO3. This affects an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-4202. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-1323 | Mailqueue Extension up to 0.4.4/0.5.1 on TYPO3 deserialization

VulDB Recent Entries
2 weeks 1 day ago
A vulnerability classified as critical has been found in Mailqueue Extension up to 0.4.4/0.5.1 on TYPO3. The affected element is an unknown function. Performing a manipulation results in deserialization. This vulnerability is reported as CVE-2026-1323. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-23241 | Linux Kernel up to 6.19.5 audit /tmp/test getxattr information disclosure (WID-SEC-2026-0754)

VulDB Recent Entries
2 weeks 1 day ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.19.5. Impacted is the function getxattr of the file /tmp/test of the component audit. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2026-23241. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-71239 | Linux Kernel up to 6.19.5 audit fchmodat2 privilege escalation (WID-SEC-2026-0754)

VulDB Recent Entries
2 weeks 1 day ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.19.5. This issue affects the function fchmodat2 of the component audit. This manipulation causes privilege escalation. This vulnerability is registered as CVE-2025-71239. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

The Hackers News
2 weeks 1 day ago
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. "Initial access was achieved through a spear-phishing email disguised as a
The Hacker News

德国法庭裁决 TCL 的 QLED 不是真的 QLED

Solidot
2 weeks 1 day ago
德国的一家法庭裁决 TCL 误导消费者,它的多款宣称“量子点电视(QLED)”的产品并不是真的 QLED,没有提供 QLED 电视应有的色彩还原。法院命令 TCL 停止在德国宣传或销售相关型号的电视机。相关诉讼由韩国公司韩松化学提起,它是 TCL 竞争对手三星的合作伙伴。韩松化学委托进行的测试显示,三款以量子点名义出售的 TV 都未检测出铟和镉,它们是不可或缺的量子点材料。TCL 对测试结果提出异议,称量子点含量因供应商而异,它公布了自己的测试结果。TCL 的测试结果与韩松化学的测试结果相矛盾,但双方采用了不同的测试方法:TCL 的测试侧重于其使用的量子点薄膜,而韩松化学测试的是 TCL 电视机。韩松化学在包括美国在内的多国提起了针对 TCL 的诉讼,另一家中国电视制造商海信也面临类似的诉讼。

CUDA Agent:面向高性能 CUDA 内核生成的大规模智能体强化学习

Seebug Paper
2 weeks 1 day ago
作者:Weinan Dai, Hanlin Wu, Qiying Yu等 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/html/2602.24286v1 摘要 GPU内核优化是现代深度学习的基础,但仍是一项高度专业化的任务,需要深厚的硬件专业知识。尽管大语言模型(LLM)在通用编程任务中表现出色,但在CUDA内核生成方面,仍无法与基于编译器的系统(如tor...

Lazarus, AI, and Trust Abuse: Top Enterprise Cybersecurity Risks 2026 

Anyrun
2 weeks 1 day ago

As part of a recent live expert panel, ANY.RUN together with threat researcher and ethical hacker Mauro Eldritch explored biggest security risks companies should be prepared for in 2026.  The discussion covered several relevant cases, from the Lazarus IT Workers operation to the rapid rise of AI-driven phishing attacks, and examined the common thread behind them: trust abuse.  Below are the key takeaways for those seeking a clearer view of […]

The post Lazarus, AI, and Trust Abuse: Top Enterprise Cybersecurity Risks 2026  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

CVE-2026-4039 | OpenClaw 2026.2.19-2 Skill Env applySkillConfigenvOverrides code injection (GHSA-82g8-464f-2mv7)

Vuldb Updates
2 weeks 1 day ago
A vulnerability was found in OpenClaw 2026.2.19-2. It has been declared as critical. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. This vulnerability is registered as CVE-2026-4039. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-4040 | OpenClaw up to 2026.2.17 File Existence tools.exec.safeBins information exposure (GHSA-6c9j-x93c-rw6j)

Vuldb Updates
2 weeks 1 day ago
A vulnerability was found in OpenClaw up to 2026.2.17. It has been rated as problematic. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. This vulnerability is documented as CVE-2026-4040. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

Managed ad