Aggregator

CVE-2026-41873 | Apache Pony Mail HTTP Request request smuggling (EUVD-2026-26065)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability marked as critical has been reported in Apache Pony Mail. This issue affects some unknown processing of the component HTTP Request Handler. Performing a manipulation results in http request smuggling. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is cataloged as CVE-2026-41873. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2026-40556 | GNU nano up to 8.x Local Directory Page ~/.local permission assignment (EUVD-2026-26053)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability labeled as problematic has been found in GNU nano up to 8.x. This vulnerability affects unknown code of the file ~/.local of the component Local Directory Page. Such manipulation leads to incorrect permission assignment. This vulnerability is listed as CVE-2026-40556. The attack must be carried out locally. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-27760 | OpenCATS up to 0.9.7.4 AJAX Endpoint config.php define action code injection (EUVD-2026-26052)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability identified as critical has been detected in OpenCATS up to 0.9.7.4. This affects the function define of the file config.php of the component AJAX Endpoint. This manipulation of the argument action causes code injection. This vulnerability is tracked as CVE-2026-27760. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.
vuldb.com

Checkmarx Confirms GitHub Repository Data Published on Dark Web

Cyber Security News
1 month 3 weeks ago

Application security testing firm Checkmarx has confirmed a significant escalation in its ongoing security incident. Cybercriminals have officially published company data on the dark web. This new development directly ties back to a supply chain attack that initially compromised the company’s systems on March 23, 2026. Working alongside a leading third-party forensic firm, Checkmarx traced […]

The post Checkmarx Confirms GitHub Repository Data Published on Dark Web appeared first on Cyber Security News.

Abinaya

ShinyHunters claims it stole 1.4 million records from Udemy

Help Net Security
1 month 3 weeks ago

The ShinyHunters group claims it has breached the Udemy, one of the world’s largest online learning platforms. According to Have I Been Pwned, the leaked dataset contained 1.4 million unique email addresses of customers and instructors, along with names, physical addresses, phone numbers, employer information, and instructor payout methods, including PayPal, cheque, and bank transfer. “Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak,” ShinyHunters wrote on their … More →

The post ShinyHunters claims it stole 1.4 million records from Udemy appeared first on Help Net Security.

Sinisa Markovic

Critical LiteLLM SQL Injection Vulnerability Exploited in the Wild

Cyber Security News
1 month 3 weeks ago

A critical pre-authentication SQL injection vulnerability in LiteLLM, a widely used open-source AI gateway with over 22,000 GitHub stars, is actively being exploited in the wild. Tracked as CVE-2026-42208, this severe flaw allows unauthorized attackers to extract highly sensitive cloud and AI provider credentials directly from the platform’s PostgreSQL database. LiteLLM acts as a central […]

The post Critical LiteLLM SQL Injection Vulnerability Exploited in the Wild appeared first on Cyber Security News.

Abinaya

Managed ad