A vulnerability described as critical has been identified in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Manipulation of the argument deleteid leads to SQL injection.
This vulnerability is listed as CVE-2026-7196. The attack may be performed remotely. In addition, an exploit is available.
A vulnerability marked as critical has been reported in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. Manipulation of the argument ID causes SQL injection.
This vulnerability is tracked as CVE-2026-7194. The attack can be carried out remotely. Moreover, an exploit is available.
A vulnerability labeled as problematic has been found in Cerberus FTP Server up to 2025.4.2/2026.0 on Windows. This affects an unknown function. The manipulation results in insecure preserved inherited permissions.
This vulnerability is identified as CVE-2026-6265. The attack is only possible with local access. No exploit is available.
The affected component should be upgraded.
A vulnerability identified as problematic has been detected in Ribblr Crotchet and Knitting 2.5 on iOS. The impacted element is an unknown function. The manipulation leads to authorization bypass.
This vulnerability is referenced as CVE-2025-15626. Remote exploitation of the attack is possible. No exploit is available.
A vulnerability categorized as critical has been discovered in KDE Plasma. The affected element is an unknown function of the component plasma-login-manager. Executing a manipulation can lead to privilege dropping / lowering errors.
The identification of this vulnerability is CVE-2026-25710. The attack can only be executed locally. There is no exploit available.
It is advisable to upgrade the affected component.
A Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal […]
BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (https://browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis: […]
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are.
Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust. Same