Aggregator

A vulnerability has been found in WWBN AVideo up to 26.0 and classified as problematic. The affected element is an unknown function of the file aVideoEncoderChunk.json.php. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-33483. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group called Nasir Security, presumably associated with Iran, that is targeting energy organizations in the Middle East. The energy sector is one of the most impacted areas because of the […]

Как ограничения сигнала случайно озолотили московский общепит.

A vulnerability, which was classified as problematic, was found in Pixarra Luminance Studio 2.17. Impacted is an unknown function of the component Keyboard Interface. Executing a manipulation can lead to improper restriction of names for files and other resources. This vulnerability is tracked as CVE-2019-25623. The attack is restricted to local execution. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, has been found in Pixarra Paint Studio 2.17. This issue affects some unknown processing. Performing a manipulation results in improper validation of specified index, position, or offset in input. This vulnerability is identified as CVE-2019-25622. The attack is only possible with local access. Additionally, an exploit exists.

A vulnerability classified as problematic was found in Pixarra Pixel Studio 2.17. This vulnerability affects unknown code of the component Keyboard Interface. Such manipulation leads to reliance on untrusted inputs in a security decision. This vulnerability is referenced as CVE-2019-25621. The attack can only be performed from a local environment. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in Pixarra Tree Studio 2.17. This affects an unknown part of the component Keyboard Interface. This manipulation causes improper handling of inconsistent special elements. The identification of this vulnerability is CVE-2019-25620. The attack can only be executed locally. Furthermore, there is an exploit available.

A vulnerability described as problematic has been identified in Fastify up to 5.8.2. Affected by this issue is the function request.protocol/request.host. The manipulation of the argument X-Forwarded-Proto/X-Forwarded-Host results in use of less trusted source. This vulnerability was named CVE-2026-3635. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in antchfx xpath. Affected by this vulnerability is an unknown functionality of the component Boolean XPath Expression Handler. The manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2026-4645. The attack is possible to be carried out remotely. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability labeled as critical has been found in WWBN AVideo up to 25.x. Affected is the function file_get_contents of the file plugin/Live/standAloneFiles/saveDVR.json.php. Executing a manipulation of the argument webSiteRootURL can lead to server-side request forgery. This vulnerability is handled as CVE-2026-33351. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in WWBN AVideo up to 25.x. This impacts an unknown function of the file setPassword.json.php. Performing a manipulation of the argument Password results in authorization bypass. This vulnerability is known as CVE-2026-33297. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in GNU Biutils. This affects an unknown function of the component BFD Library. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2026-4647. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in WWBN AVideo up to 25.x. It has been rated as critical. The impacted element is the function getAllCategories of the file objects/category.php of the component Request Parameter Handler. This manipulation causes sql injection. This vulnerability appears as CVE-2026-33352. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

PythonAstREPLTool无条件启用导致RCE

Enterprise networks keep adding connected devices, expanding the attack surface as threat actors target a wider range of systems, many of which are difficult to inventory, secure, and patch consistently. (Source: Forescout) Forescout’s 2026 Riskiest Devices research maps that shift in IT, IoT, OT, and IoMT environments, with 11 new riskiest asset types entering the list this year. That is the second-largest year-over-year increase on record, and two of the new entries moved straight into … More →

The post The devices winning the race to get hacked in 2026 appeared first on Help Net Security.

RSAC 2026 Conference is taking place at the Moscone Center in San Francisco March 23 – 26. With hundreds of booths, countless product demos, and nonstop buzz, navigating RSAC can be overwhelming. That’s why we’ve done the legwork to highlight the standout companies you won’t want to miss. Whether you’re looking for cutting-edge innovation, industry veterans with new offerings, or rising stars shaking things up, these exhibitors are bringing something special to the floor this … More →

The post Top must-visit companies at RSAC 2026 appeared first on Help Net Security.

Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images. […]