Aggregator

CVE-2026-26929 | Apache Airflow up to 3.1.7 FastAPI DagVersion Listing API permission assignment (WID-SEC-2026-0755)

Vuldb Updates
16 hours 52 minutes ago
A vulnerability identified as problematic has been detected in Apache Airflow up to 3.1.7. Impacted is an unknown function of the component FastAPI DagVersion Listing API. This manipulation causes incorrect permission assignment. This vulnerability is tracked as CVE-2026-26929. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2026-27979 | vercel next.js up to 16.1.6 allocation of resources (GHSA-h27x-g6w4-24gq)

Vuldb Updates
16 hours 52 minutes ago
A vulnerability marked as problematic has been reported in vercel next.js up to 16.1.6. Affected by this vulnerability is an unknown functionality. This manipulation causes allocation of resources. The identification of this vulnerability is CVE-2026-27979. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-27980 | vercel next.js up to 16.1.6 resource consumption (GHSA-3x4c-7xq6-9pq8)

Vuldb Updates
16 hours 52 minutes ago
A vulnerability described as problematic has been identified in vercel next.js up to 16.1.6. Affected by this issue is some unknown functionality. Such manipulation leads to resource consumption. This vulnerability is referenced as CVE-2026-27980. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-4355 | Portabilis i-Educar 2.11 Endpoint educar_servidor_curso_lst.php Name cross site scripting (EUVD-2026-12686)

Vuldb Updates
16 hours 52 minutes ago
A vulnerability was found in Portabilis i-Educar 2.11. It has been rated as problematic. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of the argument Name results in cross site scripting. This vulnerability was named CVE-2026-4355. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-28673 | danvei233 xiaoheiFS up to 0.3.x ZIP File Parser manifest.json binaries os command injection (GHSA-4vw4-5wmh-7x4v / EUVD-2026-12700)

Vuldb Updates
16 hours 52 minutes ago
A vulnerability was found in danvei233 xiaoheiFS up to 0.3.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manifest.json of the component ZIP File Parser. Executing a manipulation of the argument binaries can lead to os command injection. This vulnerability is handled as CVE-2026-28673. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-30911 | Apache Airflow up to 3.1.7 Execution API authorization (EUVD-2026-12566 / WID-SEC-2026-0755)

Vuldb Updates
16 hours 52 minutes ago
A vulnerability was found in Apache Airflow up to 3.1.7. It has been declared as critical. This affects an unknown part of the component Execution API. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2026-30911. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-4324 | Red Hat Satellite 6 on Red Katello Plugin /api/hosts/bootc_images sort_by sql injection (EUVD-2026-12572)

Vuldb Updates
16 hours 52 minutes ago
A vulnerability marked as critical has been reported in Red Hat Satellite 6 on Red. The impacted element is an unknown function of the file /api/hosts/bootc_images of the component Katello Plugin. Performing a manipulation of the argument sort_by results in sql injection. This vulnerability is cataloged as CVE-2026-4324. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

WordPress.com现允许AI智能体撰写和发布文章

不安全
17 hours 15 minutes ago
好的,我现在要帮用户总结这篇文章的内容。首先,我需要仔细阅读用户提供的文章内容,理解其主要信息。 文章主要讲的是WordPress.com现在允许AI智能体撰写和发布文章。这意味着网站所有者可以通过自然语言命令让AI完成内容创作、编辑、发布,以及管理评论和元数据等任务。这样不仅降低了建站和维护的门槛,也可能导致网络上出现更多由机器生成的内容。 接下来,我需要将这些信息浓缩到100字以内。要注意控制字数,同时保留关键点:WordPress.com、AI智能体、撰写发布文章、自然语言命令、降低门槛、机器生成内容增多。 然后,我要确保语言简洁明了,直接描述内容,不需要使用“总结”或“这篇文章”这样的开头词。 最后,检查一下是否符合要求:字数控制在100字以内,直接描述内容,没有多余的部分。 WordPress.com允许AI智能体通过自然语言命令撰写、编辑和发布内容,并管理评论及元数据。这一功能降低了网站创建和维护的门槛,可能使网络充斥更多机器生成的内容。

Does your NHI system deliver essential value

Security Boulevard
19 hours 16 minutes ago

Is Your Organization’s Non-Human Identity Strategy Robust Enough? What if the backbone of your organization’s cybersecurity strategy is more susceptible to breaches than you think? Where machine identities increasingly outnumber human ones, focusing on Non-Human Identities (NHIs) is critical. NHIs serve as the “tourists” navigating through vast cloud environments. Much like human identities, they require […]

The post Does your NHI system deliver essential value appeared first on Entro.

The post Does your NHI system deliver essential value appeared first on Security Boulevard.

Alison Mack

Is your Agentic AI optimized for latest threats

Security Boulevard
19 hours 16 minutes ago

What Are Non-Human Identities (NHIs) and Why Are They Critical in Cybersecurity? How do we ensure the security of these interactions? The concept of Non-Human Identities (NHIs) offers a compelling solution. NHIs, an advanced concept in cybersecurity, are designed to safeguard machine identities, ensuring that their actions are secure from creation to decommissioning. The Relevance […]

The post Is your Agentic AI optimized for latest threats appeared first on Entro.

The post Is your Agentic AI optimized for latest threats appeared first on Security Boulevard.

Alison Mack

How relieved are you with your secrets vaulting strategy

Security Boulevard
19 hours 16 minutes ago

Are You Confident in Your Secrets Vaulting Strategy? The management of machine identities—what the industry terms Non-Human Identities (NHIs)—has become a linchpin in safeguarding cloud environments. When organizations increasingly transition to cloud-based architectures, ensuring the security of NHIs and their associated secrets is paramount. But how can organizations feel truly reassured in their secrets vaulting […]

The post How relieved are you with your secrets vaulting strategy appeared first on Entro.

The post How relieved are you with your secrets vaulting strategy appeared first on Security Boulevard.

Alison Mack

CVE-2026-4558 | Linksys MR9600 2.0.6.206937 SmartConnect.lua smartConnectConfigure os command injection

VulDB Recent Entries
20 hours 27 minutes ago
A vulnerability was found in Linksys MR9600 2.0.6.206937 and classified as critical. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The identification of this vulnerability is CVE-2026-4558. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-4557 | code-projects Exam Form Submission 1.0 /admin/update_s1.php sname cross site scripting

VulDB Recent Entries
20 hours 29 minutes ago
A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as problematic. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in cross site scripting. This vulnerability was named CVE-2026-4557. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

Security Boulevard
20 hours 38 minutes ago

On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor group TeamPCP. We track this […]

The post CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive appeared first on Security Boulevard.

Tom Abai

Qilin

Dark Feed IO
21 hours 14 minutes ago

You must login to view this content

cohenido

Managed ad