Aggregator

A vulnerability identified as critical has been detected in phpTransformer 2016.9. This impacts an unknown function of the file GeneratePDF.php of the component GET Handler. The manipulation of the argument idnews leads to sql injection. This vulnerability is documented as CVE-2019-25578. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #780148 / VDB-352261

Submit #780126 / VDB-351653

A vulnerability was found in Magiciso Magic Iso Maker 5.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Handler. Executing a manipulation of the argument Serial Code can lead to out-of-bounds write. This vulnerability is registered as CVE-2019-25565. The attack needs to be launched locally. Furthermore, an exploit is available.

A vulnerability was found in Memuplay Memu Play 6.0.7 and classified as critical. This impacts an unknown function of the file MemuService.exe. Such manipulation leads to missing authentication. This vulnerability is listed as CVE-2019-25568. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Valentina-Db Valentina Studio 9.0.5. This affects an unknown part. The manipulation of the argument Host results in out-of-bounds write. This vulnerability is reported as CVE-2019-25567. The attack requires a local approach. Moreover, an exploit is present.

A vulnerability classified as critical was found in Acutesystems TransMac 12.3. Affected by this vulnerability is an unknown functionality. Such manipulation of the argument volume name leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2019-25566. Local access is required to approach this attack. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. This vulnerability is known as CVE-2026-4516. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in NordVPN 6.19.6. This vulnerability affects unknown code. This manipulation of the argument email causes improper handling of overlap between protected memory ranges. This vulnerability appears as CVE-2019-25572. The attack requires local access. In addition, an exploit is available.

Bitrefill подводит итоги взлома.

全世界可能多达九成的人感染了人类多瘤病毒 2——aka JC 病毒，以首位分离出该病毒的患者 John Cunningham 的名字首字母命名。除非被激活，对大部分人而言这种病毒不会有症状。如果激活，病毒会破坏大脑，导致“进行性多灶性白质脑病（缩写 PML）”。PML 型的 JC 病毒会破坏特定的脑细胞，导致神经细胞功能障碍和死亡。PML 被认为非常罕见，但在艾滋病出现之后，在流行早期有 2% 至 5% 的 HIV 感染者会同时出现 PML。这意味着艾滋病相关联的严重免疫抑制可能是 PML 的一种激活条件。现在，根据发表在《Annals of Internal Medicine Case》期刊上的一项研究，研究人员报告了 PML 的另一种可能的激活条件——慢性肾脏病。相比 HIV，慢性肾脏病影响全世界十分之一的人口，慢性肾脏病激活 PML 型 JC 病毒可能会带来严重后果，需要警惕。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

记一次漏洞挖掘，借鉴的是D-Link DIR 615645815 service.cgi远程命令执行漏洞的思路，定位system危险函数，然后去看看能否控制参数等。

学点高级玩意儿

针对25年较新的一套SpringBoot+Vue在线教育(在线学习)系统进行代码审计

A vulnerability labeled as critical has been found in Craft CMS up to 4.17.4/5.9.10. This affects the function replaceFile. Such manipulation of the argument targetFilename leads to path traversal. This vulnerability is documented as CVE-2026-32262. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Chamilo LMS up to 1.11.35. This impacts an unknown function. Performing a manipulation of the argument keyword results in cross site scripting. This vulnerability is reported as CVE-2026-30882. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Mattermost up to 11.2.2/11.3.0. Affected by this vulnerability is an unknown functionality of the component Playbook Run API. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2026-26304. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.