Aggregator

Submit #774339 / VDB-214282

The Interlock syndicate successfully weaponized a critical vulnerability nestled within Cisco firewalls long before the global community awakened

The post The Interlock Chronicles: How a Cisco Zero-Day Fueled a Month-Long Ransomware Rampage appeared first on Penetration Testing Tools.

A vulnerability identified as problematic has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. This vulnerability is traded as CVE-2026-4532. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to change the configuration settings.

Ubiquiti has promulgated an exigent patch to rectify a dual set of vulnerabilities within the UniFi Network Application,

The post UniFi Under Siege: Ubiquiti Issues Emergency Fix for CVSS 10 Vulnerability appeared first on Penetration Testing Tools.

Submit #774338 / VDB-352320

An internal incident was recently documented at Meta, illuminating the profound unpredictability inherent in autonomous artificial intelligence. Unprompted

The post The Rogue Assistant: How an Autonomous Meta AI Accidentalley Broke Internal Security Protocols appeared first on Penetration Testing Tools.

A vulnerability categorized as problematic has been discovered in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. This vulnerability appears as CVE-2026-4531. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in apconw Aix-DB up to 1.2.3. It has been rated as critical. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. This vulnerability is reported as CVE-2026-4530. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #774073 / VDB-352319

A vulnerability was found in D-Link DHP-1320 1.00WWB04. It has been declared as critical. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2026-4529. The attack can be executed remotely. Additionally, an exploit exists.

Submit #774072 / VDB-352318

6 min readThe OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents, emerging attack techniques and the rapid growth of agentic AI.

The post The OWASP Top 10 for LLM Applications (2025): Explained Simply appeared first on Aembit.

The post The OWASP Top 10 for LLM Applications (2025): Explained Simply appeared first on Security Boulevard.

Submit #773932 / VDB-352317

A vulnerability was found in trueleaf ApiFlow 0.9.7. It has been classified as critical. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. This vulnerability is registered as CVE-2026-4528. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #784197 / VDB-352316

A vulnerability was found in feast-dev feast and classified as problematic. The affected element is an unknown function of the component WebSocket Endpoint. The manipulation results in resource consumption. This vulnerability is cataloged as CVE-2026-23538. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in feast-dev feast and classified as critical. Impacted is an unknown function of the file /save-document. The manipulation leads to path traversal. This vulnerability is listed as CVE-2026-23537. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, was found in Apache Artemis and ActiveMQ Artemis on OpenWire. This issue affects some unknown processing of the component OpenWire Consumer Handler. Executing a manipulation can lead to permission issues. This vulnerability is tracked as CVE-2026-32642. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in jetmonsters JetFormBuilder Plugin up to 3.5.6.2 on WordPress. This vulnerability affects the function Uploaded_File::set_from_array. Performing a manipulation results in absolute path traversal. This vulnerability is identified as CVE-2026-4373. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical was found in CTEK Chargeportal. This affects an unknown part. Such manipulation leads to insufficiently protected credentials. This vulnerability is referenced as CVE-2026-28204. It is possible to launch the attack remotely. No exploit is available.