Aggregator

CVE-2026-20165 | Splunk Enterprise/Cloud Platform log file (SVD-2026-0304 / Nessus ID 301872)

Vuldb Updates
2 weeks 4 days ago
A vulnerability, which was classified as problematic, has been found in Splunk Enterprise and Cloud Platform. This vulnerability affects unknown code. Performing a manipulation results in sensitive information in log files. This vulnerability was named CVE-2026-20165. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-31962 | samtools htslib up to 1.21.0/1.22.1/1.23 cram_decode_seq heap-based overflow (GHSA-xxmp-v7h3-gpwp / EUVD-2026-12923)

Vuldb Updates
2 weeks 4 days ago
A vulnerability classified as critical has been found in samtools htslib up to 1.21.0/1.22.1/1.23. Affected is the function cram_decode_seq. The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2026-31962. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-32611 | nicolargo glances up to 4.5.1 TimescaleDB Export __init__.py sql injection (GHSA-49g7-2ww7-3vf5)

Vuldb Updates
2 weeks 4 days ago
A vulnerability, which was classified as critical, was found in nicolargo glances up to 4.5.1. Impacted is an unknown function of the file glances/exports/glances_duckdb/__init__.py of the component TimescaleDB Export Module. Executing a manipulation can lead to sql injection. This vulnerability appears as CVE-2026-32611. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.
vuldb.com

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

The Hackers News
2 weeks 4 days ago
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on March
The Hacker News

CVE-2026-33400 | ellite Wallos up to 4.6.x Statistics Page payment cross site scripting

VulDB Recent Entries
2 weeks 4 days ago
A vulnerability has been found in ellite Wallos up to 4.6.x and classified as problematic. The affected element is the function payment of the component Statistics Page. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-33400. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-33401 | ellite Wallos up to 4.6.x AI Recommendations Endpoint AI Ollama host server-side request forgery

VulDB Recent Entries
2 weeks 4 days ago
A vulnerability, which was classified as critical, was found in ellite Wallos up to 4.6.x. Impacted is an unknown function of the component AI Recommendations Endpoint. The manipulation of the argument AI Ollama host results in server-side request forgery. This vulnerability is known as CVE-2026-33401. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-33407 | ellite Wallos up to 4.6.x Endpoint search.php HTTP_PROXY/HTTPS_PROXY server-side request forgery

VulDB Recent Entries
2 weeks 4 days ago
A vulnerability, which was classified as critical, has been found in ellite Wallos up to 4.6.x. This issue affects some unknown processing of the file endpoints/logos/search.php of the component Endpoint. The manipulation of the argument HTTP_PROXY/HTTPS_PROXY leads to server-side request forgery. This vulnerability is traded as CVE-2026-33407. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-33399 | ellite Wallos up to 4.6.x Notifications validate_webhook_url_for_ssrf server-side request forgery

VulDB Recent Entries
2 weeks 4 days ago
A vulnerability classified as critical was found in ellite Wallos up to 4.6.x. This vulnerability affects the function validate_webhook_url_for_ssrf of the component Notifications Handler. Executing a manipulation can lead to server-side request forgery. This vulnerability appears as CVE-2026-33399. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

HackerOne Data Breach – Employees Data Stolen Following Navia Hack

Cyber Security News
2 weeks 4 days ago

HackerOne recently disclosed a data breach affecting 287 of its employees following a cyberattack on its U.S. benefits administrator, Navia Benefit Solutions. The breach stemmed from a Broken Object Level Authorization (BOLA) vulnerability in Navia’s API, which exposed the sensitive personal and health information of approximately 2.7 million individuals nationwide. An unknown threat actor exploited […]

The post HackerOne Data Breach – Employees Data Stolen Following Navia Hack appeared first on Cyber Security News.

Guru Baran

Managed ad