Aggregator

A vulnerability classified as critical was found in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2026-11557. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. This vulnerability is known as CVE-2026-11556. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]

Submit #836791 / VDB-369169

Submit #836787 / VDB-367579

Submit #836790 / VDB-369168

Submit #836785 / VDB-369168

A vulnerability described as critical has been identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. This vulnerability is traded as CVE-2026-11555. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #836477 / VDB-369167

Submit #836476 / VDB-369166

AI-powered coding tools are rapidly changing how developers build and ship software. But as these tools enter everyday development pipelines, they are also opening new doors for attackers. A recently uncovered vulnerability in a widely used AI coding assistant shows just how far that risk can go. Researchers found that GitHub Actions workflows powered by […]

The post Microsoft Warns Claude Code GitHub Action Could Leak CI/CD Workflow Secrets appeared first on Cyber Security News.

Submit #834824 / VDB-369165

A vulnerability marked as critical has been reported in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. This vulnerability appears as CVE-2026-11554. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as critical has been found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-11553. The attack can be launched remotely. Moreover, an exploit is present.

E' stato approvato e pubblicato il D. Lgs. 96 del 2026 sulla trasparenza retributiva: https://www.

Submit #834821 / VDB-369164

Submit #836778 / VDB-369163

В новой тактике вымогателей от первого контакта до кражи данных проходит менее часа.