Aggregator

BSidesSLC

Author, Creator & Presenter: Andrew Crottym - Warrant Officer (Cyber Warfare), United States Army Reserve

Our thanks to BSidesCache for publishing their Creators, Authors and Presenter’s outstanding BSidesCache 2025 content on the Organizations' YouTube Channel.

Permalink

The post BSidesCache 2025 – From Law Enforcement To Cybersecurity: Building Skills That Matter appeared first on Security Boulevard.

The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]

A vulnerability categorized as problematic has been discovered in itsourcecode University Management System 1.0. Affected is an unknown function of the file /add_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The identification of this vulnerability is CVE-2026-4356. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Portabilis i-Educar 2.11. It has been rated as problematic. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of the argument Name results in cross site scripting. This vulnerability was named CVE-2026-4355. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in GL-iNet Comet KVM. It has been declared as critical. This affects an unknown function of the component UART. Such manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-32291. The attack can be executed directly on the physical device. No exploit exists.

A vulnerability was found in ANGEET ES3 KVM. It has been classified as critical. The impacted element is an unknown function. This manipulation causes os command injection. This vulnerability is handled as CVE-2026-32298. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in JetKVM up to 0.5.3 and classified as problematic. The affected element is an unknown function. The manipulation results in improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2026-32295. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

Submit #772854 / VDB-351395

A vulnerability has been found in GL-iNet Comet KVM up to 1.7.1 and classified as critical. Impacted is an unknown function. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2026-32293. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

Submit #772839 / VDB-351394

A vulnerability, which was classified as critical, was found in GL-iNet Comet KVM. This issue affects some unknown processing. Executing a manipulation can lead to insufficient verification of data authenticity. This vulnerability appears as CVE-2026-32290. The attack requires local access. There is no available exploit.