New stealthy Quasar Linux malware targets software developers
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities. [...]
Aggregator
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
1 month 2 weeks ago
The agency will begin targeted assessments meant to help critical infrastructure entities operate while disconnecting OT networks from IT and third-party vendors.
The post CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict appeared first on CyberScoop.
djohnson
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
Instructure hacker claims data theft from 8,800 schools, universities
1 month 2 weeks ago
The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. [...]
Lawrence Abrams
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 2 weeks ago
You must login to view this content
cohenido
CVE-2026-33489 | CoreDNS up to 1.14.2 transfer.go longestMatch authorization (EUVD-2026-27450)
1 month 2 weeks ago
A vulnerability was found in CoreDNS up to 1.14.2. It has been classified as problematic. This issue affects the function longestMatch of the file plugin/transfer/transfer.go. Performing a manipulation results in incorrect authorization.
This vulnerability was named CVE-2026-33489. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-40329 | Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 beanFeed.cfc getQuery sortBy sql injection (GHSA-3xpq-q494-8qq4 / EUVD-2026-27478)
1 month 2 weeks ago
A vulnerability was found in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2. It has been classified as critical. The impacted element is the function getQuery of the file beanFeed.cfc. The manipulation of the argument sortBy leads to sql injection.
This vulnerability is uniquely identified as CVE-2026-40329. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-32699 | NeoRazorX facturascripts up to 2025.92 User Interface nick external control of assumed-immutable web parameter (EUVD-2026-27438)
1 month 2 weeks ago
A vulnerability marked as problematic has been reported in NeoRazorX facturascripts up to 2025.92. The impacted element is an unknown function of the component User Interface. This manipulation of the argument nick causes external control of assumed-immutable web parameter.
This vulnerability is registered as CVE-2026-32699. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-40330 | Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 beanFeed.cfc getQuery sortDirection sql injection (GHSA-56cc-gxfr-hqp8 / EUVD-2026-27480)
1 month 2 weeks ago
A vulnerability was found in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 and classified as critical. The affected element is the function getQuery of the file beanFeed.cfc. Executing a manipulation of the argument sortDirection can lead to sql injection.
This vulnerability is handled as CVE-2026-40330. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-38947 | FluentCMS 1.2.3 TextHTML Plugin HTML injection (Issue 2405 / EUVD-2026-27474)
1 month 2 weeks ago
A vulnerability was found in FluentCMS 1.2.3. It has been rated as problematic. This impacts an unknown function of the component TextHTML Plugin. This manipulation causes HTML injection.
The identification of this vulnerability is CVE-2026-38947. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-44331 | ProFTPd up to 1.3.9a contrib/mod_wrap2_sql.c sqltab_fetch_clients_cb sql injection (Issue 2057 / EUVD-2026-27484)
1 month 2 weeks ago
A vulnerability was found in ProFTPd up to 1.3.9a. It has been declared as critical. This affects the function sqltab_fetch_clients_cb of the file contrib/mod_wrap2_sql.c. The manipulation results in sql injection.
This vulnerability was named CVE-2026-44331. The attack may be performed from remote. There is no available exploit.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2026-40331 | Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 feedGateway.cfc setAltTable altTable sql injection (GHSA-jphh-r686-6w7j / EUVD-2026-27482)
1 month 2 weeks ago
A vulnerability categorized as critical has been discovered in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2. Affected is the function setAltTable of the file feedGateway.cfc. Such manipulation of the argument altTable leads to sql injection.
This vulnerability is referenced as CVE-2026-40331. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
Is Your Organization Ready to Scale AI Securely
1 month 2 weeks ago