Aggregator

Submit #774682 / VDB-346174

Submit #774681 / VDB-352326

A vulnerability classified as critical was found in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The identification of this vulnerability is CVE-2026-4537. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. This vulnerability was named CVE-2026-4536. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Economical IP-KVM apparatuses, which facilitate remote, hardware-level dominion over computers, have emerged as a formidable peril to corporate

The post The Trojan at the Console: How Budget IP-KVMs Are Opening a Backdoor to Corporate Silicon appeared first on Penetration Testing Tools.

Submit #774672 / VDB-303135

A vulnerability described as critical has been identified in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-4535. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-4534. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #774583 / VDB-319914

Google is orchestrating a profound transfiguration within the Android dominion, an evolution destined to irrevocably alter the landscape

The post The Sideloading Purgatory: Google’s Draconian Architecture to Subjugate the Independent APK appeared first on Penetration Testing Tools.

Submit #774564 / VDB-326109

Submit #774447 / VDB-352325

A vulnerability labeled as critical has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. This vulnerability is known as CVE-2026-4533. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #774423 / VDB-352324

Mozilla has resolved to reinvigorate Firefox, concurrently serving as a poignant reminder of the intrinsic value of possessing

The post The Firefox Renaissance: Why the Version 149 Update is a Battle Cry for Browser Sovereignty appeared first on Penetration Testing Tools.

Submit #774343 / VDB-352323

Submit #774342 / VDB-352322

Submit #774341 / VDB-352321

12 спутников управляют гуманоидами с орбиты — и к 2035 году их будет 2800.

Submit #774339 / VDB-214282