Aggregator

A vulnerability was found in code-projects Simple Laundry System 1.0 and classified as critical. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. This vulnerability was named CVE-2026-4908. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in code-projects Exam Form Submission 1.0/7.php. It has been classified as problematic. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. The identification of this vulnerability is CVE-2026-4909. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. It has been declared as critical. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection. This vulnerability is referenced as CVE-2026-4910. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Currently trending CVE - Hype Score: 1 - Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519.

Currently trending CVE - Hype Score: 12 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have ...

Honeywellが提供するIQ4x BMS Controllerには、重要な機能に対する認証の欠如の脆弱性が存在します。

Запускать новые станции стали на годы быстрее.

A vulnerability labeled as critical has been found in NLTK up to 3.9.3. This affects an unknown part. Executing a manipulation can lead to path traversal. This vulnerability is tracked as CVE-2026-33236. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in kelvinmo simplejwt up to 1.1.0. It has been classified as problematic. Affected by this vulnerability is the function JWE::decrypt. This manipulation causes resource consumption. This vulnerability is handled as CVE-2026-33204. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in NLTK up to 3.9.3. It has been declared as critical. Affected by this issue is the function nltk.app.wordnet_app. Such manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-33231. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability was found in Ruby json up to 2.19.1. It has been rated as critical. This affects the function allow_duplicate_key. Performing a manipulation results in format string. This vulnerability was named CVE-2026-33210. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic was found in SiYuan up to 3.6.1. Affected by this issue is some unknown functionality of the component Incoming Message Handler. The manipulation of the argument auth keepalive results in uncaught exception. This vulnerability is cataloged as CVE-2026-33203. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in NLTK up to 3.9.3. This affects the function nltk.app.wordnet_app. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-33230. Remote exploitation of the attack is possible. No exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability identified as critical has been detected in budibase up to 3.30.6. Affected is an unknown function of the file /api/queries/preview. Performing a manipulation results in server-side request forgery. This vulnerability was named CVE-2026-33226. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability labeled as problematic has been found in Nhost up to 0.11.x. Affected by this vulnerability is an unknown functionality of the component Storage Service. Executing a manipulation can lead to insufficient verification of data authenticity. The identification of this vulnerability is CVE-2026-33221. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in WebReflection flatted up to 3.4.1. Affected is the function parse of the component JSON Parser. The manipulation results in improperly controlled modification of object prototype attributes. This vulnerability is identified as CVE-2026-33228. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in avo-hq avo up to 3.30.2. It has been classified as problematic. This issue affects some unknown processing. The manipulation of the argument return_to leads to cross site scripting. This vulnerability is documented as CVE-2026-33209. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in barebox up to 2025.09.2/2026.03.0. It has been declared as critical. Impacted is an unknown function. The manipulation results in insufficient verification of data authenticity. This vulnerability is reported as CVE-2026-33243. The attack requires a local approach. No exploit exists. It is recommended to upgrade the affected component.

Владельцам систем остаётся только наблюдать за чужим сценарием.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先，我需要仔细阅读文章内容。文章主要讲的是Backdoor这个后门程序，它在内核级别运行，使用BPF被动检查流量，并在特定的数据包触发时启动。这样做的好处是不需要暴露端口或典型的C2指示器。 接下来，文章提到这种技术允许长期的持续性和隐蔽访问核心网络基础设施，而且从标准监控中很难发现。这说明它的隐蔽性和持久性很强。 然后，文章指出这是一个网络层后门设计的有趣案例，而不是传统的用户空间植入。这意味着它不同于常见的后门技术，可能更难以检测和防御。 现在，我需要将这些信息浓缩到一百个字以内。要确保涵盖主要点：内核级后门、BPF技术、被动检查流量、特定数据包触发、避免暴露端口和C2指标、长期持续性、隐蔽访问、标准监控难发现、网络层设计而非用户空间。 可能的结构是先说明Backdoor的工作机制和优势，然后提到其效果和独特性。例如：“Backdoor是一种内核级后门，利用BPF被动检查流量并在特定数据包触发时启动。它避免了暴露端口或典型C2指标，允许长期持续性和隐蔽访问核心网络基础设施，并且难以被标准监控发现。” 这样大约在100字左右。 检查一下是否遗漏了关键点：内核级、BPF、被动检查、特定数据包触发、避免暴露端口和C2指标、长期持续性、隐蔽访问、标准监控难发现、网络层设计而非用户空间。看起来都涵盖了。 最后，确保语言简洁明了，没有使用复杂的术语，让读者容易理解。 Backdoor是一种内核级后门技术,利用BPF被动检查网络流量并在特定数据包触发时启动,避免暴露端口或典型C2指标,实现长期持续性和隐蔽访问核心网络基础设施,且难以被标准监控发现。