Aggregator
Идеология закончилась, кушать хочется всегда. «Касперский» поймал бывших борцов за идею на вымогательстве у шейхов
肥胖会影响精子质量改变表观遗传标记
韦伯首次测量早期宇宙休眠黑洞质量
Червь взрослеет по таймеру, который не перезапускается. Ученые называют это первыми «одноразовыми» часами
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables and secures connections between corporate networks and remote or mobile devices. Check Point Mobile Access lets mobile and remote workers connect securely to email, calendar, contacts, and corporate applications. CVE-2026-50751 affects both solutions (i.e., functions on Check Point Security … More →
The post Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) appeared first on Help Net Security.
CVE-2026-11585 | CodeAstro Student Attendance Management System 1.0 createClassArms.php classId sql injection
CVE-2026-11584 | CodeAstro Student Attendance Management System 1.0 createClass.php?action=edit ID sql injection
CVE-2026-11583 | CodeAstro Student Attendance Management System 1.0 createClass.php className sql injection
CVE-2026-11582 | CodeAstro Student Attendance Management System 1.0 index.php Username sql injection
Submit #836800: codeastro Student Attendance Management System V1.0 SQL Injection [Accepted]
Submit #836799: codeastro Student Attendance Management System V1.0 SQL Injection [Accepted]
Submit #836798: codeastro Student Attendance Management System V1.0 SQL Injection [Accepted]
Submit #836796: codeastro Student Attendance Management System V1.0 SQL Injection [Accepted]
CVE-2026-50752 | Check Point Quantum Security Gateway/Spark Firewalls certificate validation
CVE-2026-50751 | Check Point Quantum Security Gateway/Spark Firewalls IKEv1 Key Exchange improper authentication
CVE-2026-11569 | Red Hat Quay 3 Filedrop Endpoint cross site scripting (WID-SEC-2026-1816)
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability
- CVE-2026-50751 Check Point Security Gateway Improper Authentication Vulnerability
These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.