Daily Updates

Cyber News

Short, concise cybersecurity updates. 17 records found.

news | MEDIUM 4.3

GitLab CVE-2026-10733 Vulnerability

GitLab has remediated a vulnerability in GitLab CE/EE that could allow an authenticated user to cause a denial of service on the CI/CD Catalog page.

1 source

news | HIGH 8.4

PDM Vulnerability Allows Arbitrary Code Execution

A vulnerability in PDM (Python package manager) allows arbitrary code execution with the privileges of the user running `pdm` from an untrusted repository checkout.

1 source

news | HIGH 8.4

@hulumi/policies vulnerability allows bypassing policy packs with forged Pulumi-URN logical name

A high-severity vulnerability in @hulumi/policies allows developers to bypass mandatory hardening checks by naming resources with a trusted substring, affecting multiple cloud providers.

1 source

news | HIGH 8.0

Siemens KACO Blueplanet Inverters Contain Multiple Vulnerabilities

Multiple vulnerabilities in Siemens KACO Blueplanet Inverters could allow an attacker to derive credentials from the device's serial number and gain unauthorized access.

1 source

news | HIGH 8.0

Netty SNI Handler Vulnerability Allows for Large Memory Allocation

A vulnerability in Netty's SNI handler allows for large memory allocation from a small amount of attacker-controlled data, potentially leading to a denial-of-service attack.

1 source

news | MEDIUM 4.7

CVE-2026-11448 Vulnerability Found in GL.iNet GL-MT3000

A command injection vulnerability has been identified in GL.iNet GL-MT3000 up to version 4.4.5, affecting the Minidlna Service component.

1 source

news | MEDIUM 6.9

Samsung Assistant Vulnerability Allows Local Script Execution

A vulnerability in Samsung Assistant prior to version 9.3.14 allows local attackers to execute arbitrary scripts due to improper export of Android application components.

1 source

news | HIGH 8.0

Keyless Car Theft Can Occur in Under a Minute

Thieves can steal keyless cars in under a minute using cheap radio amplifiers and a fob inside the house. Most keyless cars remain vulnerable to this type of attack.

1 source

news | CRITICAL 9.0

Jupyter Enterprise Gateway Vulnerability Allows Root Access

A vulnerability in Jupyter Enterprise Gateway allows bypassing prohibited UID and GID checks, enabling the launch of kernels with root privileges.

1 source

news | HIGH 8.1

praisonai-platform Vulnerability Allows Workspace Takeover

A vulnerability in praisonai-platform allows any member to remove any other member, including the workspace owner, enabling a full workspace takeover.

1 source

news | CRITICAL 9.8

Critical Vulnerability in praisonai-platform: Hardcoded JWT Signing Key Allows Token Forgery

A critical vulnerability in praisonai-platform allows attackers to forge JWT tokens for any user due to a hardcoded signing key.

1 source

news | CRITICAL 9.2

stigmem-node Vulnerability: Auth-Disabled Deployments Exposed to Broad Anonymous Access

A vulnerability in stigmem-node allows auth-disabled deployments to grant broad anonymous access outside loopback environments. Operators who disabled authentication while binding the node to a non-loopback URL are impacted.

1 source

news | MEDIUM 5.3

WordPress Breeze Plugin Vulnerability Exposes Sensitive Information

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2.

1 source

news | HIGH 8.6

Veeam Backup & Replication Server Vulnerability

A vulnerability in Veeam Backup & Replication server allows an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based systems.

1 source

news | CRITICAL 10.0

stigmem-node's Postgres Schema Identifier Handling Vulnerability

A vulnerability in stigmem-node's Postgres schema identifier handling requires defensive quoting to prevent potential SQL injection attacks. The vulnerability has been patched in version 0.9.0a2.

1 source

news | CRITICAL 10.0

Daemon Tools Lite Vulnerability Under Active Exploitation

A high-severity vulnerability in Daemon Tools Lite is being actively exploited, impacting confidentiality, integrity, and availability.

1 source

news | CRITICAL 10.0

Nx Console Vulnerability Allows Credential Harvesting

A malicious version of Nx Console was published with embedded malicious code, allowing the harvesting of credentials from multiple sources.

1 source