Aggregator

欢迎大家关注自在安全公众号。为更好学习交流，建了个技术交流群，大家可以扫描进群。你也可以关注公众号后@我拉你进群。

A vulnerability classified as critical was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. This vulnerability is cataloged as CVE-2026-7823. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injection. This vulnerability is listed as CVE-2026-7822. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as problematic has been identified in HashiCorp Boundary and Boundary Enterprise up to 0.19.4/0.20.2/0.21.2. This affects an unknown function of the component Node Enrollment TLS Handshake Handler. Executing a manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2026-7776. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

Submit #807781 / VDB-359826

Submit #807775 / VDB-361075

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. [...]

Submit #807773 / VDB-361074

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

The actively exploited defect could affect every mainstream Linux distribution built since 2017, but some researchers found Theori’s AI-generated disclosure unhelpful and lacking.

The post ‘Copy Fail’ is a real Linux security crisis wrapped in AI slop appeared first on CyberScoop.

Cargo theft is no longer about small groups of criminals operating on the ground, but transnational cybercriminal syndicates using access to supply chain systems to reroute goods.

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access […]

A vulnerability marked as critical has been reported in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. This vulnerability is identified as CVE-2026-7812. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability labeled as critical has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-7811. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability identified as critical has been detected in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. The identification of this vulnerability is CVE-2026-7810. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #807752 / VDB-361072

Submit #807751 / VDB-361071

Submit #807748 / VDB-361070