Aggregator

Submit #775593 / VDB-352430

A vulnerability was found in PuTTY 0.83. It has been declared as problematic. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. This vulnerability was named CVE-2026-4115. The attack may be performed from remote. In addition, an exploit is available. The real existence of this vulnerability is still doubted at the moment. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a patch for the affected product. However, at the moment there is no proof that this flaw might have any real-world impact.

Submit #775576 / VDB-352429

A vulnerability was found in kalcaddle kodbox 1.64. It has been classified as critical. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2026-4592. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in kalcaddle kodbox 1.64 and classified as critical. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2026-4591. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in kalcaddle kodbox 1.64 and classified as problematic. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site request forgery. This vulnerability is known as CVE-2026-4590. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side request forgery. This vulnerability is traded as CVE-2026-4589. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic key . This vulnerability appears as CVE-2026-4588. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #775471 / VDB-352428

Submit #775470 / VDB-352427

Submit #775469 / VDB-352426

Submit #775467 / VDB-352425

Submit #775464 / VDB-352424

Ten finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.

Submit #775465 / VDB-321256

Программа контролирует каждый байт, который ИИ пытается отправить наружу.

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...