Aggregator

Currently trending CVE - Hype Score: 26 - Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

Currently trending CVE - Hype Score: 2 - Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a ...

Currently trending CVE - Hype Score: 9 - Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents (without changes being ...

Submit #775502 / VDB-353128

Submit #775479 / VDB-353127

开源供应链攻击的又一次案例。

该恶意代码伪装成统计埋点，潜伏于 Apifox 客户端，窃取凭据并连接 C2 服务器，最终实现远程命令执行。

Organizations disclose attack details, though information may be limited. What if they did the same with close calls?

Submit #775177 / VDB-353126

Submit #775175 / VDB-353125

AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and resell premium AI access at scale. [...]

Кажется, в иранском кибермире пополнение.

Submit #774220 / VDB-353124

Submit #774218 / VDB-353123

Submit #774209 / VDB-353122

Vorlon has unveiled AI Agent Flight Recorder and AI Agent Action Center, adding forensics and coordinated response to secure enterprise agentic ecosystems and close a key security gap. The agentic ecosystem contains SaaS applications, AI agents, API integrations, non-human identities, and the sensitive data flows connecting them. It’s become the fastest-growing attack surface in the enterprise, moves at machine speed, and most organizations lack adequate supervision. The Agentic Ecosystem Security Gap: 2026 CISO Report, a … More →

The post Vorlon adds forensics and response to secure AI agents appeared first on Help Net Security.

A vulnerability marked as critical has been reported in opensourcepos Open Source Point of Sale up to 3.4.1. The affected element is the function search_custom of the component Custom Attributes Handler. This manipulation causes sql injection. This vulnerability is registered as CVE-2026-32888. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, has been found in tinytag up to 2.2.0. Affected is the function _parse_synced_lyrics. The manipulation leads to infinite loop. This vulnerability is traded as CVE-2026-32889. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Discourse up to 2026.1.1/2026.2.0/2026.3.0-latest. The impacted element is the function allowed_names. Executing a manipulation can lead to information disclosure. This vulnerability is registered as CVE-2026-31869. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.