Aggregator

CVE-2020-36518 | Oracle Banking Loans Servicing 2.8.0/2.12.0 Web UI denial of service (EUVD-2022-1319 / Nessus ID 240509)

Vuldb Updates
2 days 11 hours ago
A vulnerability, which was classified as critical, has been found in Oracle Banking Loans Servicing 2.8.0/2.12.0. This affects an unknown part of the component Web UI. The manipulation leads to denial of service. This vulnerability is traded as CVE-2020-36518. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2020-36518 | Oracle Business Intelligence Enterprise Edition 6.4.0.0 Analytics Server denial of service (EUVD-2022-1319 / Nessus ID 240509)

Vuldb Updates
2 days 11 hours ago
A vulnerability, which was classified as critical, has been found in Oracle Business Intelligence Enterprise Edition 6.4.0.0. Affected by this vulnerability is an unknown functionality of the component Analytics Server. The manipulation leads to denial of service. This vulnerability is documented as CVE-2020-36518. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2026-21669 | Veeam Backup and Replication up to 13.0.0 privilege escalation (kb4831 / Nessus ID 303202)

Vuldb Updates
2 days 11 hours ago
A vulnerability described as critical has been identified in Veeam Backup and Replication up to 13.0.0. Affected by this issue is some unknown functionality. The manipulation results in privilege escalation. This vulnerability is known as CVE-2026-21669. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2023-50303 | IBM InfoSphere Information Server 11.7 Web UI cross site scripting (Nessus ID 303203 / XFDB-273333)

Vuldb Updates
2 days 11 hours ago
A vulnerability, which was classified as problematic, was found in IBM InfoSphere Information Server 11.7. The impacted element is an unknown function of the component Web UI. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2023-50303. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2023-40699 | IBM InfoSphere Information Server 11.7 denial of service (EUVD-2023-45255 / Nessus ID 303203)

Vuldb Updates
2 days 11 hours ago
A vulnerability, which was classified as problematic, has been found in IBM InfoSphere Information Server 11.7. Impacted is an unknown function. This manipulation causes denial of service. This vulnerability is registered as CVE-2023-40699. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-4541 | janmojzis tinyssh up to 20250501 Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification (Issue 101 / EUVD-2026-14291)

Vuldb Updates
2 days 11 hours ago
A vulnerability was found in janmojzis tinyssh up to 20250501. It has been classified as problematic. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. This vulnerability is tracked as CVE-2026-4541. The attack is restricted to local execution. Moreover, an exploit is present. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-4115 | PuTTY 0.83 Ed25519 Signature crypto/ecc-ssh.c eddsa_verify signature verification (EUVD-2026-14301 / Nessus ID 303305)

Vuldb Updates
2 days 11 hours ago
A vulnerability was found in PuTTY 0.83. It has been declared as problematic. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. This vulnerability was named CVE-2026-4115. The attack may be performed from remote. In addition, an exploit is available. The real existence of this vulnerability is still doubted at the moment. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a patch for the affected product. However, at the moment there is no proof that this flaw might have any real-world impact.
vuldb.com

CVE-2026-1764 | GNOME localsearch MP3 Extractor heap-based overflow (Nessus ID 303311)

Vuldb Updates
2 days 11 hours ago
A vulnerability identified as critical has been detected in GNOME localsearch. Affected by this vulnerability is an unknown functionality of the component MP3 Extractor. This manipulation causes heap-based buffer overflow. This vulnerability appears as CVE-2026-1764. The attack requires local access. There is no available exploit. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2026-1765 | GNOME localsearch TXXX Tag heap-based overflow (Nessus ID 303311)

Vuldb Updates
2 days 11 hours ago
A vulnerability labeled as critical has been found in GNOME localsearch. Affected by this issue is some unknown functionality of the component TXXX Tag Handler. Such manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-1765. An attack has to be approached locally. There is no exploit available. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2026-1766 | GNOME localsearch ID3v2.3 COMM Tag heap-based overflow (Nessus ID 303311)

Vuldb Updates
2 days 11 hours ago
A vulnerability marked as critical has been reported in GNOME localsearch. This affects an unknown part of the component ID3v2.3 COMM Tag Handler. Performing a manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2026-1766. Attacking locally is a requirement. No exploit is available. It is suggested to install a patch to address this issue.
vuldb.com

CVE-2026-1767 | GNOME localsearch MP3 Extractor heap-based overflow (Nessus ID 303311)

Vuldb Updates
2 days 11 hours ago
A vulnerability described as critical has been identified in GNOME localsearch. This vulnerability affects unknown code of the component MP3 Extractor. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is handled as CVE-2026-1767. It is possible to launch the attack on the local host. There is not any exploit available. A patch should be applied to remediate this issue.
vuldb.com

The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson

Security Boulevard
2 days 11 hours ago

Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico’s […]

The post The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson appeared first on Shared Security Podcast.

The post The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson appeared first on Security Boulevard.

Tom Eston

嘶吼安全动态|国家级电力AI中试基地启用,华为、百度入驻筑牢能源AI安全 OpenWebUI服务器遭攻击,被植入挖矿与信息窃取恶意代码

嘶吼
2 days 12 hours ago

嘶吼安全动态

【国内新闻】

国家级电力AI中试基地启用,华为、百度入驻筑牢能源AI安全

摘要:作为电力人工智能领域的“桥梁型平台”,中试基地已成功连接100多家不同领域单位。

原文链接:https://baijiahao.baidu.com/s?id=1860252756515987591&wfr=spider&for=pc

中央网信办规范短视频标注,AI摆拍/虚假营销强制显形溯源

摘要:全平台整治无标识AI生成内容、虚构演绎,启用AI识别+人工复核,违规内容下架整改,净化内容生态。

原文链接:http://m.toutiao.com/group/7619651131685388815/

AI智能体风险被系统性揭示 

摘要:国家互联网应急中心指出AI智能体面临提示词注入、插件投毒等风险,攻击者可诱导模型泄露敏感数据或执行恶意操作,攻击门槛显著降低。

原文链接:

https://www.stcn.com/article/detail/3691088.html 

北京网安破获特大“网络开盒”案,涉案信息超千万条

摘要:嫌疑人搭建社工库非法售卖个人信息,涉案网站访问量30万+,5人因侵犯公民个人信息罪获刑1年6个月至7年,罚金1.5万-7万元。

原文链接:http://m.toutiao.com/group/7620051829627306534/

【国外新闻】

OpenClaw风险引发全球安全关注 

摘要:AI智能体OpenClaw安全问题被认为具有全球影响,涉及设备劫持、数据泄露及金融操作风险,多国开始关注其潜在攻击面扩展问题。

原文链接:

https://www.chinanews.com.cn/sh/2026/03-23/10591104.shtml

OpenWebUI服务器遭攻击,被植入挖矿与信息窃取恶意代码 

摘要:研究人员发现大量未开启认证的OpenWebUI实例被攻击,黑客利用其AI接口部署挖矿程序与信息窃取工具,并通过混淆技术隐藏恶意载荷,部分脚本疑似AI生成,显示AI应用正成为新型攻击入口。

原文链接:https://gbhackers.com/openwebui-servers-targeted/

Oracle修复高危RCE漏洞,可被远程未认证利用 

摘要:Oracle修复CVE-2026-21992漏洞,影响Identity Manager与Web Services Manager。该漏洞无需认证即可远程执行代码,攻击者可完全控制系统、窃取身份数据并横向移动,CVSS评分高达9.8。

原文链接:https://gbhackers.com/oracle-fixes-high-severity-rce-vulnerability/

VoidStealer窃密木马绕过Chrome加密机制

摘要:新型信息窃取木马VoidStealer通过调试器技术绕过Chrome应用绑定加密(ABE),利用硬件断点在内存中提取主密钥,无需提权或注入代码,隐蔽性极强,标志浏览器安全防护再次被突破。

原文链接:

https://www.bleepingcomputer.com/news/security/voidstealer-malware-steals-chrome-master-key-via-debugger-trick/ 

Trivy漏洞扫描器遭供应链攻击,GitHub Actions被植入窃密程序 

摘要:攻击者入侵Trivy项目并篡改GitHub Actions标签,将恶意代码注入CI/CD流程,窃取环境变量、密钥及云凭证。攻击利用标签投毒机制实现隐蔽传播,影响大量开发流水线。

原文链接:

https://www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/

山卡拉

Crunchyroll Data Breach — Threat Actor Claims Exfiltration of 100 GB of User Data

Cyber Security News
2 days 12 hours ago

A threat actor has allegedly exfiltrated approximately 100 GB of personally identifiable information (PII) from Crunchyroll, the Sony-owned anime streaming giant, after gaining access through a compromised employee at the platform’s outsourcing partner, Telus. The breach, which reportedly occurred on March 12, 2026, has not been publicly acknowledged by Crunchyroll as of this writing. According […]

The post Crunchyroll Data Breach — Threat Actor Claims Exfiltration of 100 GB of User Data appeared first on Cyber Security News.

Guru Baran

Managed ad