Meta’s face-recognition code raises new concerns about smart glasses

Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVE-2026-9003

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

SUSE CVE-2026-46014

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

UBUNTU-CVE-2026-46014

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

UBUNTU-CVE-2026-45991

In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...

EUVD-2026-32453

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

Astra Linux - уязвимость в firefox, thunderbird

A compromised content process could have allowed malicious data to be stored in a PathRecording object, resulting in an out-of-bounds write operation. This led to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird...

CVE-2026-9003

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2026-9003

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2026-9003 TONNET｜E-LAN Hybrid Recording System - SQL Injection

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

TONNET E-LAN Hybrid Recording System SQL注入漏洞

TONNET E-LAN Hybrid Recording System is a hybrid voice recording management system designed for communication and call center scenarios by Tonnet International TONNET Company, Taiwan, China. The TONNET E-LAN Hybrid Recording System has a SQL injection vulnerability, which can allow unauthorized...

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVE-2026-27737

CVE-2026-27737 affects BigBlueButton prior to version 3.0.19 . The issue arises in the recording playback (presentation format) where user input in the public chat was not sanitized, enabling a targeted XSS attack when replaying the recording. Root cause: missing input sanitization in the bbb-pla...

BigBlueButton 跨站脚本漏洞

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.19 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean up user input in public chat areas during recording and...

PT-2026-41738

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.19 Description Recording playback in presentation format fails to sanitize user input within the public chat. This allows a malicious actor to execute a targeted Cross-Site Scripting XSS attack—a technique...

Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording

Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more...

CVE-2026-43489

A flaw was found in the Linux kernel's liveupdate mechanism. When a retrieve operation fails, the system does not properly record the failure status. This allows a local attacker to repeatedly attempt the operation, potentially leading to attempts to access or free already freed data structures...

CVE-2026-7929

An use after free flaw was found in the MediaRecording component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504660052...