Aggregator

A vulnerability, which was classified as critical, was found in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the argument MediaServer.streamIp results in server-side request forgery. This vulnerability is cataloged as CVE-2026-3966. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Alfresco Activiti up to 7.19/8.8.0 and classified as critical. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization System. This manipulation causes deserialization. This vulnerability is registered as CVE-2026-3967. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in xygeni xygeni-action. Affected by this issue is some unknown functionality. Executing a manipulation can lead to embedded malicious code. This vulnerability is registered as CVE-2026-31976. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in Oracle Banking Deposits and Lines of Credit Servicing 2.7. The affected element is an unknown function of the component Web UI. The manipulation leads to denial of service. This vulnerability is listed as CVE-2022-23437. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Oracle Banking Party Management 2.7. This affects an unknown function of the component Web UI. This manipulation causes denial of service. This vulnerability is registered as CVE-2022-23437. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Financial Services Crime and Compliance Management Studio 8.0.8.2.0/8.0.8.3.0. Affected by this vulnerability is an unknown functionality of the component Studio. Executing a manipulation can lead to denial of service. This vulnerability appears as CVE-2022-23437. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Oracle FLEXCUBE Universal Banking 12.4. This affects an unknown part of the component Infrastructure. The manipulation results in denial of service. This vulnerability is known as CVE-2022-23437. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability described as critical has been identified in Oracle Primavera Unifier up to 21.12. This affects an unknown function of the component Platform/User Interface. The manipulation results in denial of service. This vulnerability is known as CVE-2022-23437. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

Rural hospitals and clinics continue to struggle with a lack of cyber resources but a federal grant program set to provide $50 billion worth of funding across all 50 states could hopefully help lessen some of the pain, said Jim Roeder, VP of IT at Lakewood Health System in Minnesota.

Long-life medical devices - products typically used for a decade or longer - are among the most post-quantum, cryptographically vulnerable technologies in healthcare, said Joern Lubadel, global head of product security at German-based medical device and healthcare products maker B. Braun.

CIOs Face Integration, Talent and ROI Hurdles Despite Rising AI Budgets
CIOs looking for quick wins from AI may be out of luck. The real value from AI won't come from plug-and-play tools that can be bought, but rather from the hard work of integrating AI into enterprise systems, workflows and operating models, according to new research from Cognizant.

Iran Expands Targeting, Including AWS, Google and Microsoft Infrastructure
Michigan-based medical technology giant Stryker appears to have been hacked by a pro-Iranian group called Handala, leading to global operations being disrupted, IT devices remotely wiped and terabytes of data being stolen. Experts said Handala appears to be a "faketivist" group run by Tehran.

Startup Platform Targets Autonomous Detection and Exposure Management
Cybersecurity startup Kai emerged from stealth with $125 million in funding led by Evolution Equity to develop an agentic AI platform that automates exposure management, threat intelligence, analysis and detection workflows while helping security teams remediate vulnerabilities faster.

Vendor Combines AI Attack Agents, Human Experts to Simulate Real-World Cyberattacks
Offensive security startup Armadin secured nearly $190 million in funding to expand a platform that uses AI agents to automate red-team operations. The technology enables companies to continuously test defenses and uncover attack paths that traditional consulting engagements often miss.

腾讯董事会主席兼首席执行官马化腾今天凌晨 2 时许在朋友圈转发了腾讯推出全系「龙虾」产品矩阵的公众号文章，并配文「自研龙虾、本地虾、云端虾、企业虾、云桌面虾，安全隔离虾房、云保安、知识库…… 还有一批产品陆续赶来」。

A vulnerability described as problematic has been identified in swaldman mchange-commons-java up to 0.3.x. This affects an unknown part. Executing a manipulation can lead to injection. This vulnerability is registered as CVE-2026-27727. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.