Aggregator

Submit #801794 / VDB-360859

Submit #799337 / VDB-360858

A sophisticated adversarial campaign targeting South-East Asian government and military infrastructure, combining rapid exploitation of a critical cPanel authentication bypass with a custom zero-day exploit chain against an Indonesian defense-sector portal and ultimately pivoting to exfiltrate over 4GB of sensitive Chinese railway documents. The campaign’s initial access vector centered on CVE-2026-41940, a critical CVSS 9.8 […]

The post Hackers Breach Government and Military Servers by Exploiting cPanel Vulnerability appeared first on Cyber Security News.

A vulnerability was found in langflow-ai langflow up to 1.8.4. It has been declared as critical. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injection. This vulnerability is handled as CVE-2026-7687. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Иногда обычная вежливость обходится бизнесу слишком дорого.

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. It has been classified as problematic. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. This vulnerability is known as CVE-2026-7686. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Upgrading the affected component is recommended. The vendor provides additional details: "The affected code path is a legacy Premium activation flow that has been deprecated. eyeo has already migrated to a new user account-based licensing system. The exploit does not grant permanent Premium access. The licensing server issues a short-lived trial license (valid for approximately 24 hours) for any submitted userId. On the next license check, the server validates against a real subscription and the trial expires if no valid subscription is found. The researcher's claim of permanently unlocking all Premium features is therefore incorrect. (...) The old flow has been present for years and has not been weaponized at scale to our knowledge. The risk to eyeo and to users is minimal."

日程安排平台 Cal.com 上月宣布从开源转为闭源，理由是 AI 工具更容易从开源代码中发现漏洞，而安全性依赖于模糊，因此闭源有助于提高安全。现在英国国家医疗服务体系（NHS）以相同的理由准备关闭它几乎所有的开源库，这一决定引发了广泛争议和批评。批评者指出 NHS 公布的大部分开源库是数据集、内部工具、指南、研究工具、前端设计等，它们不会因为安全扫描技术的进步而受到影响。此外是否开源对于 Anthropic Mythos 之类的 AI 工具并无区别，因为它们也能分析二进制程序并寻找漏洞。批评者发表了公开信，呼吁 NHS 保持其代码公开。

Submit #798731 / VDB-360857

Submit #793551 / VDB-360856

A vulnerability labeled as problematic has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is listed as CVE-2026-7671. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

就用这些琐碎的记忆，留下生活的片段，记录一朵岁月的浪花。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability identified as critical has been detected in Limny 1.01. Affected by this issue is the function CheckLogin of the file includes/functions.php. The manipulation of the argument Username leads to sql injection. This vulnerability is traded as CVE-2009-4722. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in gnudip 2.1.1. It has been rated as critical. Affected is an unknown function of the file cgi-bin/gnudip.cgi. Performing a manipulation of the argument Username results in sql injection. This vulnerability is reported as CVE-2009-4720. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as problematic has been found in Joomlamo Com Cartweberp 1.56.75. This affects an unknown part of the file index.php. This manipulation of the argument controller causes path traversal. The identification of this vulnerability is CVE-2010-0982. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Utilo Rezervi 3.0.2. This vulnerability affects unknown code of the file include/mail.inc.php. Such manipulation of the argument root leads to code injection. This vulnerability is referenced as CVE-2010-0983. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Acidcat CMS up to 3.5.3. This issue affects some unknown processing. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2010-0984. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as problematic, was found in Chris Simon Com Abbrev 1.1. Impacted is an unknown function of the file index.php. Executing a manipulation of the argument controller can lead to path traversal. This vulnerability is tracked as CVE-2010-0985. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in PulseAudio 0.9.10/0.9.19 and classified as problematic. The affected element is the function pa_make_secure_dir of the file core-util.c of the component Core. The manipulation leads to link following. This vulnerability is listed as CVE-2009-1299. The attack must be carried out locally. There is no available exploit.

A vulnerability was found in Broadcom Integrated Nic Management Firmware and classified as critical. The impacted element is an unknown function of the component Firmware. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2010-0104. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.