Aggregator

Submit #774220 / VDB-353124

Submit #774218 / VDB-353123

Submit #774209 / VDB-353122

Vorlon has unveiled AI Agent Flight Recorder and AI Agent Action Center, adding forensics and coordinated response to secure enterprise agentic ecosystems and close a key security gap. The agentic ecosystem contains SaaS applications, AI agents, API integrations, non-human identities, and the sensitive data flows connecting them. It’s become the fastest-growing attack surface in the enterprise, moves at machine speed, and most organizations lack adequate supervision. The Agentic Ecosystem Security Gap: 2026 CISO Report, a … More →

The post Vorlon adds forensics and response to secure AI agents appeared first on Help Net Security.

A vulnerability marked as critical has been reported in opensourcepos Open Source Point of Sale up to 3.4.1. The affected element is the function search_custom of the component Custom Attributes Handler. This manipulation causes sql injection. This vulnerability is registered as CVE-2026-32888. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, has been found in tinytag up to 2.2.0. Affected is the function _parse_synced_lyrics. The manipulation leads to infinite loop. This vulnerability is traded as CVE-2026-32889. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Discourse up to 2026.1.1/2026.2.0/2026.3.0-latest. The impacted element is the function allowed_names. Executing a manipulation can lead to information disclosure. This vulnerability is registered as CVE-2026-31869. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Discourse up to 2026.1.1/2026.2.0/2026.3.0-latest.1. This affects an unknown function of the component User Actions Endpoint. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2026-30891. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Discourse up to 2026.1.1/2026.2.0/2026.3.0-latest.1. This issue affects some unknown processing. Such manipulation of the argument post_id[] leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2026-31805. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in openVESSL Anchorr up to 1.4.1. It has been classified as problematic. Impacted is an unknown function of the file /api/config. This manipulation of the argument DISCORD_TOKEN/JELLYFIN_API_KEY/JELLYSEERR_API_KEY/JWT_SECRET/WEBHOOK_SECRET causes cross site scripting. This vulnerability is registered as CVE-2026-32890. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in Discourse up to 2026.1.1/2026.2.0/2026.3.0-latest. This affects an unknown part. The manipulation results in authorization bypass. This vulnerability is known as CVE-2026-32114. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in SiYuan up to 3.6.0. The impacted element is an unknown function of the file /api/lute/html2BlockDOM. The manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-32938. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in phpseclib up to 1.0.26/2.0.51/3.0.49. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes observable timing discrepancy. The identification of this vulnerability is CVE-2026-32935. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Frappe LMS 2.34.x/2.35.0 and classified as problematic. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2025-11282. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The affected component should be upgraded. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.

A vulnerability categorized as critical has been discovered in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pes_cpf can lead to authorization bypass. This vulnerability is handled as CVE-2025-10947. The attack can be executed remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

Группировка NICKEL ALLEY крадет криптовалюту через поддельные тестовые задания.

DigiCert has announced enhancements to its Document Trust Manager solution to help organisations combat rising document fraud, simplify global compliance, and strengthen trust in digital transactions in the age of AI. Unlike traditional signing tools that require separate regional or departmental infrastructure to meet standards such as AATL and eIDAS, Document Trust Manager centralises signing assurance management in a single solution.     The surge in generative AI and digital transformation has dramatically increased the … More →

The post DigiCert Document Trust Manager enhancements improve document security and compliance appeared first on Help Net Security.

FreeCAD 项目释出了 v1.1 版本。主要新特性包括：Part Design 透明预览、Fillet 和 Chamfer 等工具新增交互式拖拽功能、三点照明、Clarify Selection 工具、Assembly 和 FEM 改进和动画效果、全新 CAM 工具库系统，等等。

2026年3月24日，LiteLLM的PyPI包遭供应链攻击，恶意版本1.82.7和1.82.8通过窃取的维护者凭证上传。攻击利用.pth机制窃取云凭证、SSH密钥等，并在K8s环境横向移动。用户应立即检查版本、轮换所有凭证并删除恶意文件。

3月25日，墨菲安全监测发现常用于API文档管理和调试的客户端工具Apifox CDN服务被投毒，影响2.8.19之前的历史版本，建议使用受影响版本的用户尽快升级至最新版。