Aggregator

A vulnerability categorized as critical has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. This vulnerability is identified as CVE-2026-4580. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in code-projects Simple Laundry System 1.0. It has been rated as critical. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. This vulnerability is referenced as CVE-2026-4579. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as problematic. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The identification of this vulnerability is CVE-2026-4578. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as problematic. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. This vulnerability was named CVE-2026-4577. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as problematic. Impacted is an unknown function of the file /admin/update_s5.php. Such manipulation of the argument sname leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-4576. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site scripting. This vulnerability is handled as CVE-2026-4575. The attack can be initiated remotely. Additionally, an exploit exists.

前言这个漏洞是英国 MDSecLabs 的 Filip Dragovic 发现的，据作者讲述，这个漏洞由于很巧妙，它们在红队评估中从2025年1月就开始使用，直到2026年2月报告给微软后，才在3月的补丁星期二修复，这么看也用够本了，原文只是讲了漏洞的核心部分，本文会讲清楚这个漏洞涉及的概念、如何形成的，如何利用它原文地址：https://www.mdsec.co.uk/2026/03/rip-r

Submit #775211 / VDB-352418

Submit #775210 / VDB-352417

Submit #775209 / VDB-352416

A vulnerability, which was classified as critical, was found in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. This vulnerability is known as CVE-2026-4574. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. This vulnerability is traded as CVE-2026-4573. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

车联网安全基础：NFC中继攻击

Submit #775206 / VDB-352415

Submit #775205 / VDB-352414

Submit #775204 / VDB-352413

Submit #775202 / VDB-352412

re的进阶的知识，补充常见的理论以及新出现的wasm类型

原创

Submit #775182 / VDB-352411