Aggregator

CVE-2026-33487 | russellhaering goxmldsig up to 1.5.x XML Digital Signature validateSignature signature verification

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as problematic, was found in russellhaering goxmldsig up to 1.5.x. Affected by this issue is the function validateSignature of the component XML Digital Signature Handler. Such manipulation leads to improper verification of cryptographic signature. This vulnerability is traded as CVE-2026-33487. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-33442 | kysely up to 0.28.13 sanitizeStringLiteral sql injection (GHSA-fr9j-6mvq-frcv)

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as critical, has been found in kysely up to 0.28.13. Affected by this vulnerability is the function sanitizeStringLiteral. This manipulation causes sql injection. This vulnerability appears as CVE-2026-33442. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-3115 | Mattermost up to 10.11.10/11.2.2/11.3.1/11.4.0 Group Retrieval Endpoint authorization

VulDB Recent Entries
1 month ago
A vulnerability classified as problematic was found in Mattermost up to 10.11.10/11.2.2/11.3.1/11.4.0. Affected is an unknown function of the component Group Retrieval Endpoint. The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-3115. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

The Hackers News
1 month ago
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that's also tracked as Earth Bluecrow,
The Hacker News

CISA Warns of Langflow Code Injection Vulnerability Exploited in Attacks

Cyber Security News
1 month ago

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the Langflow platform to its Known Exploited Vulnerabilities (KEV) catalog on March 25, 2026. The vulnerability, tracked as CVE-2026-33017, involves a highly dangerous code injection issue that is currently being actively exploited in the wild. Langflow operates as a popular […]

The post CISA Warns of Langflow Code Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Abinaya

Managed ad