Astra Linux - уязвимость в firefox, thunderbird

While implementing AudioWorklets, some code may have converted one type to another, resulting in an invalid, dynamic type. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

Astra Linux - уязвимость в firefox

Potential race conditions in IndexedDB could have caused memory corruption, resulting in a potentially exploitable crash. This vulnerability affects Firefox 132 and Thunderbird 132...

Astra Linux - уязвимость в firefox

The incorrect use of the '' method could lead to a “user-after-poison” situation and potentially cause a exploitable crash. This vulnerability affects Firefox versions earlier than 85...

Astra Linux - уязвимость в firefox, thunderbird

A malicious web page could have caused an out-of-bounds write in WebGL, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

CVE-2026-8745

A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogstimeradd in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has unveiled a new multi-model artificial intelligence AI-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for m ulti-mod el a gentic s canning h...

Beyond Findings: Connecting Exploitable Risk to Cloud Context with Wiz and HackerOne

See proven, exploitable risk in the context of your full cloud environment...

ANTI-FLUFF

PENTESTINGMETHS Main view example: Web Application As...

CVE-2026-8191

A vulnerability was identified in Wavlink NU516U1 M16U1V240425. This affects the function wifiregion of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might ...

PT-2026-40463

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

Astra Linux - уязвимость в unbound

Before version 1.9.5, Unbound allowed assertion failures due to a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...

Astra Linux - уязвимость в firefox, thunderbird

Uninitialized memory in a canvas object could have led to an incorrect free operation, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

Astra Linux - уязвимость в firefox, thunderbird

Session history navigations may have led to a use-after-free condition, potentially causing exploitable crashes. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

CVE-2026-7675

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...

Imagination Graphics DDK 资源管理错误漏洞

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. The Imagination Graphics DDK suffers from a Resource Management Error vulnerability that originates when WebGPU content is loaded into the GPU GLES rendering process triggering a write-release-after-reuse crash, which...

CVE-2026-7228

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function getcartcount of the file /admin/ajax.php?action=getcartcount. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

CVE-2026-7029

A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made...