Aggregator

CVE-2026-23255 | Linux Kernel up to 6.18.9 net /proc/net/ptype ptype_seq_next/ptype_seq_show state issue (Nessus ID 319993 / WID-SEC-2026-0790)

Vuldb Updates
4 days 21 hours ago
A vulnerability has been found in Linux Kernel up to 6.18.9 and classified as critical. Affected by this vulnerability is the function ptype_seq_next/ptype_seq_show of the file /proc/net/ptype of the component net. This manipulation causes state issue. This vulnerability is handled as CVE-2026-23255. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-23411 | Linux Kernel up to 7.0-rc3 apparmor i_private privilege escalation (EUVD-2026-17843 / Nessus ID 319993)

Vuldb Updates
4 days 21 hours ago
A vulnerability was found in Linux Kernel up to 6.6.129/6.12.76/6.18.17/6.19.7/7.0-rc3. It has been declared as critical. This affects the function i_private of the component apparmor. Such manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-23411. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-23409 | Linux Kernel up to 7.0-rc3 apparmor encoding error (EUVD-2026-17839 / Nessus ID 319993)

Vuldb Updates
4 days 21 hours ago
A vulnerability was found in Linux Kernel up to 6.6.129/6.12.76/6.18.17/6.19.7/7.0-rc3 and classified as critical. The affected element is an unknown function of the component apparmor. The manipulation results in encoding error. This vulnerability is cataloged as CVE-2026-23409. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized Commands

Cyber Security News
4 days 21 hours ago

Fortinet has disclosed a critical security vulnerability in its FortiSandbox product line that could allow unauthenticated remote attackers to execute arbitrary OS commands through the web interface. The flaw, tracked as CVE-2026-25089 and assigned a CVSSv3 score of 9.1 (Critical), affects multiple versions of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS deployments. The vulnerability stems from […]

The post Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized Commands appeared first on Cyber Security News.

Guru Baran

CVE-2026-11027 | Google Chrome up to 148.0.7778.216 Glic cross-domain policy (ID 497604 / WID-SEC-2026-1794)

Vuldb Updates
4 days 22 hours ago
A vulnerability, which was classified as problematic, was found in Google Chrome. The impacted element is an unknown function of the component Glic. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. This vulnerability is registered as CVE-2026-11027. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-11026 | Google Chrome up to 148.0.7778.216 Extensions access control (ID 497599 / WID-SEC-2026-1794)

Vuldb Updates
4 days 22 hours ago
A vulnerability classified as critical was found in Google Chrome. Affected by this issue is some unknown functionality of the component Extensions. Such manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2026-11026. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-11031 | Google Chrome up to 148.0.7778.216 Password Manager clickjacking (ID 497748 / WID-SEC-2026-1794)

Vuldb Updates
4 days 22 hours ago
A vulnerability was found in Google Chrome. It has been classified as problematic. Affected is an unknown function of the component Password Manager. This manipulation causes clickjacking. This vulnerability appears as CVE-2026-11031. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-11032 | Google Chrome up to 148.0.7778.216 Password Manager cross-domain policy (ID 497831 / WID-SEC-2026-1794)

Vuldb Updates
4 days 22 hours ago
A vulnerability was found in Google Chrome. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Password Manager. Such manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is traded as CVE-2026-11032. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-11033 | Google Chrome up to 148.0.7778.216 on macOS WebML uninitialized variable (ID 497926 / WID-SEC-2026-1794)

Vuldb Updates
4 days 22 hours ago
A vulnerability labeled as critical has been found in Google Chrome on macOS. This issue affects some unknown processing of the component WebML. The manipulation results in use of uninitialized variable. This vulnerability was named CVE-2026-11033. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-11036 | Google Chrome up to 148.0.7778.216 DOM cross-domain policy (ID 497964 / WID-SEC-2026-1794)

Vuldb Updates
4 days 22 hours ago
A vulnerability was found in Google Chrome. It has been rated as problematic. Affected by this issue is some unknown functionality of the component DOM. Performing a manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2026-11036. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.
vuldb.com

SPF, DKIM, DMARC Passed. Malicious Link Passes Every Authentication Check, But CyberCheck360 Caught It

Cyber Security News
4 days 22 hours ago

A $12 domain, 72 hours of patience, and your finance team’s credentials — why authentication tells you who sent the email, never where the link goes, and how detection at the click closes the gap your gateway can’t see. A domain is registered on Monday. By Tuesday it serves a pixel-perfect Microsoft 365 login clone. […]

The post SPF, DKIM, DMARC Passed. Malicious Link Passes Every Authentication Check, But CyberCheck360 Caught It appeared first on Cyber Security News.

Kavichselvan

Google Chrome 0-Day Vulnerability Exploited in the Wild — Update Now

Cyber Security News
4 days 22 hours ago

Google has released an emergency security update for Chrome, patching a critical zero-day vulnerability actively exploited in the wild. The Stable channel has been updated to version 149.0.7827.102/.103 for Windows and Mac, and 149.0.7827.102 for Linux, addressing 74 security vulnerabilities, including one confirmed zero-day. Here’s the breakdown of the five actively exploited Chrome zero-days patched […]

The post Google Chrome 0-Day Vulnerability Exploited in the Wild — Update Now appeared first on Cyber Security News.

Guru Baran

Managed ad