Aggregator

CVE-2026-33135 | LabRedesCefetRJ WeGIA up to 3.6.6 novo_memorandoo.php msg cross site scripting (GHSA-w5rv-5884-w94v)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.6.6. It has been classified as problematic. This affects an unknown function of the file /html/memorando/novo_memorandoo.php. This manipulation of the argument msg causes cross site scripting. This vulnerability appears as CVE-2026-33135. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-33134 | LabRedesCefetRJ WeGIA up to 3.6.5 GET Parameter restaurar_produto.php id_produto sql injection (GHSA-qg95-x997-66wq)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.6.5 and classified as critical. The impacted element is an unknown function of the file html/matPat/restaurar_produto.php of the component GET Parameter Handler. The manipulation of the argument id_produto results in sql injection. This vulnerability is reported as CVE-2026-33134. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-33132 | Zitadel up to 3.4.8/4.12.2 API V2 Endpoint authorization (GHSA-g2pf-ww5m-2r9m)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability has been found in Zitadel up to 3.4.8/4.12.2 and classified as problematic. The affected element is an unknown function of the component API V2 Endpoint. The manipulation leads to incorrect authorization. This vulnerability is documented as CVE-2026-33132. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-33136 | LabRedesCefetRJ WeGIA up to 3.6.6 Memorando listar_memorandos_ativos.php msg cross site scripting (GHSA-xjqp-5q3h-2cxh)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability, which was classified as problematic, was found in LabRedesCefetRJ WeGIA up to 3.6.6. Impacted is an unknown function of the file /html/memorando/listar_memorandos_ativos.php of the component Memorando Module. Executing a manipulation of the argument msg can lead to cross site scripting. This vulnerability is registered as CVE-2026-33136. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-32595 | Traefik up to 2.11.40/3.6.10 timing discrepancy (GHSA-g3hg-j4jv-cwfr)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability, which was classified as problematic, has been found in Traefik up to 2.11.40/3.6.10. This issue affects some unknown processing. Performing a manipulation results in observable timing discrepancy. This vulnerability is cataloged as CVE-2026-32595. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-33131 | h3js h3 up to 2.0.0-0/2.0.1-rc.14/2.0.1-rc.15 Host event.url/event.url.hostname/event.url._url authentication spoofing (GHSA-3vj8-jmxq-cgj5)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability classified as critical was found in h3js h3 up to 2.0.0-0/2.0.1-rc.14/2.0.1-rc.15. This vulnerability affects unknown code of the component Host Handler. Such manipulation of the argument event.url/event.url.hostname/event.url._url leads to authentication bypass by spoofing. This vulnerability is listed as CVE-2026-33131. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2026-32305 | Traefik up to 2.11.40/3.6.10 TLS Configuration improper authentication (GHSA-wvvq-wgcr-9q48)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability described as critical has been identified in Traefik up to 2.11.40/3.6.10. Affected by this issue is some unknown functionality of the component TLS Configuration Handler. The manipulation results in improper authentication. This vulnerability is identified as CVE-2026-32305. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-33133 | LabRedesCefetRJ WeGIA up to 3.6.6 SQL File Parser loadBackupDB sql injection (GHSA-qqff-p8fc-hg5f)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability marked as critical has been reported in LabRedesCefetRJ WeGIA up to 3.6.6. Affected by this vulnerability is the function loadBackupDB of the component SQL File Parser. The manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-33133. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

Terminated contract led to $2.5 million cyber extortion scheme

Help Net Security
3 weeks 6 days ago

A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international technology company. He faces up to two years in prison on each of the six charges. Curry, who worked as a data analyst for about six months with the victim company and had access to its data files and internal personnel and corporate information, began the scheme after learning his contract would … More →

The post Terminated contract led to $2.5 million cyber extortion scheme appeared first on Help Net Security.

Sinisa Markovic

Microsoft Unveils New Teams Optimizations for Windows App on iOS & Android

Cyber Security News
3 weeks 6 days ago

Microsoft has officially announced the general availability of new Microsoft Teams optimizations for the Windows App on both iOS and Android platforms. Released on March 18, 2026, this update introduces the WebRTC Redirector Service to mobile users connecting to Azure Virtual Desktop and Windows 365 environments. For IT administrators and security teams managing distributed workforces, […]

The post Microsoft Unveils New Teams Optimizations for Windows App on iOS & Android appeared first on Cyber Security News.

Abinaya

Xbow Raises $120M Series C to Scale Autonomous AI Hacking

BankInfoSecurity.com
3 weeks 6 days ago
Newly Minted Unicorn Says AI-Driven Attacks Force Shift to Continuous Pen Testing
Xbow has raised $120 million in Series C funding after proving its autonomous AI hacking platform can outperform human pen testers. CEO Oege de Moor says the rise of AI-driven cyberattacks is forcing enterprises to test systems continuously rather than periodically.

Managed ad