Aggregator

CVE-2026-4602 | jsrsasign up to 11.1.0 ext/jsbn2.js numeric conversion (SNYK-JS-JSRSASIGN-15371175 / EUVD-2026-14379)

2 days 8 hours ago

A vulnerability described as problematic has been identified in jsrsasign up to 11.1.0. The affected element is an unknown function of the file ext/jsbn2.js. Such manipulation leads to incorrect conversion between numeric types. This vulnerability is referenced as CVE-2026-4602. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

vuldb.com

CVE-2026-4601 | jsrsasign up to 11.1.0 Private Key KJUR.crypto.DSA.signWithMessageHash missing cryptographic step (SNYK-JS-JSRSASIGN-15370941 / EUVD-2026-14377)

VulDB Recent Entries

2 days 8 hours ago

A vulnerability marked as problematic has been reported in jsrsasign up to 11.1.0. Impacted is the function KJUR.crypto.DSA.signWithMessageHash of the component Private Key Handler. This manipulation causes missing cryptographic step. The identification of this vulnerability is CVE-2026-4601. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2026-4603 | jsrsasign up to 11.1.0 KEYUTIL Parser ext/rsa.js divide by zero (SNYK-JS-JSRSASIGN-15371176 / EUVD-2026-14380)

VulDB Recent Entries

2 days 8 hours ago

A vulnerability labeled as problematic has been found in jsrsasign up to 11.1.0. This issue affects some unknown processing of the file ext/rsa.js of the component KEYUTIL Parser. The manipulation results in divide by zero. This vulnerability was named CVE-2026-4603. The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.

vuldb.com

CVE-2026-4600 | jsrsasign up to 11.1.0 Domain src/dsa-2.0.js KJUR.crypto.DSA.setPublic signature verification (SNYK-JS-JSRSASIGN-15370940 / EUVD-2026-14375)

VulDB Recent Entries

2 days 8 hours ago

A vulnerability identified as problematic has been detected in jsrsasign up to 11.1.0. This vulnerability affects the function KJUR.crypto.DSA.setPublic of the file src/dsa-2.0.js of the component Domain Handler. The manipulation leads to improper verification of cryptographic signature. This vulnerability is uniquely identified as CVE-2026-4600. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

vuldb.com

CVE-2026-4599 | jsrsasign up to 11.1.0 Private Key src/crypto-1.1.js incomplete comparison with missing factors (SNYK-JS-JSRSASIGN-15370939 / EUVD-2026-14373)

VulDB Recent Entries

2 days 8 hours ago

A vulnerability categorized as critical has been discovered in jsrsasign up to 11.1.0. This affects the function getRandomBigIntegerZeroToMax/getRandomBigIntegerMinToMax of the file src/crypto-1.1.js of the component Private Key Handler. Executing a manipulation can lead to incomplete comparison with missing factors. This vulnerability is handled as CVE-2026-4599. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

The Hackers News

2 days 8 hours ago

Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It's

The Hacker News

CVE-2026-4598 | jsrsasign up to 11.1.0 ext/jsbn2.js bnModInverse infinite loop (SNYK-JS-JSRSASIGN-15370938 / EUVD-2026-14371)

VulDB Recent Entries

2 days 8 hours ago

A vulnerability was found in jsrsasign up to 11.1.0. It has been rated as problematic. Affected by this issue is the function bnModInverse of the file ext/jsbn2.js. Performing a manipulation results in infinite loop. This vulnerability is known as CVE-2026-4598. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

vuldb.com

Submit #775780: code-projects Simple Flight Ticket Booking System V1.0 SQL Injection [Duplicate]

Vuldb Submit

2 days 8 hours ago

Submit #775780 / VDB-349656

Xu Zhihan

CVE-2025-10731 | ReviewX Plugin up to 2.2.12 on WordPress Setting allReminderSettings improper authorization (EUVD-2025-208926)

VulDB Recent Entries

2 days 8 hours ago

A vulnerability was found in ReviewX Plugin up to 2.2.12 on WordPress. It has been declared as critical. Affected by this vulnerability is the function allReminderSettings of the component Setting Handler. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-10731. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-10734 | ReviewX Plugin up to 2.2.12 on WordPress syncedData sensitive information (EUVD-2025-208928)

VulDB Recent Entries

2 days 8 hours ago

A vulnerability was found in ReviewX Plugin up to 2.2.12 on WordPress. It has been classified as problematic. Affected is the function syncedData. This manipulation causes insecure storage of sensitive information. This vulnerability appears as CVE-2025-10734. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2025-10679 | ReviewX Plugin up to 2.2.12 on WordPress bulkTenReviews code injection (EUVD-2025-208924)

VulDB Recent Entries

2 days 8 hours ago

A vulnerability was found in ReviewX Plugin up to 2.2.12 on WordPress and classified as critical. This impacts the function bulkTenReviews. The manipulation results in code injection. This vulnerability is reported as CVE-2025-10679. The attack can be launched remotely. No exploit exists.

vuldb.com

CVE-2026-4623 | DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00 API Module /api/System.php url server-side request forgery

VulDB Recent Entries

2 days 8 hours ago

A vulnerability has been found in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00 and classified as critical. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-side request forgery. This vulnerability is documented as CVE-2026-4623. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is suggested to install a patch to address this issue.

vuldb.com

Submit #775760: DefaultFuction CRM V1.0.0 Server-Side Request Forgery [Accepted]

Vuldb Submit

2 days 8 hours ago

Submit #775760 / VDB-352482

Practice

第十九届全国大学生信息安全竞赛（创新实践能力赛）暨第三届“长城杯”网数智安全大赛（防护赛）半决赛圆满举办

嘶吼

2 days 8 hours ago

3月22日，由中央网络安全和信息化委员会办公室、教育部、国家市场监督管理总局、国家数据局指导，中国信息安全测评中心、中国电信集团有限公司、中国移动通信集团有限公司、中国联合网络通信集团有限公司、北京师范大学联合主办的第十九届全国大学生信息安全竞赛（创新实践能力赛）暨第三届“长城杯”网数智安全大赛（防护赛）（以下简称“大赛”）半决赛，在辽宁、浙江、湖北、广东、重庆、陕西六大赛区同步拉开帷幕。本届大赛以“网络智能防护，开启数字安全新时代”为主题，不仅彰显了我国在实战型网络安全人才培养方面的坚定决心，更标志着我国网络安全人才培养和产学研用生态发展迈入了“数智融合”的新阶段。

【赛事与布局：辐射全国，逾万名师生参与】

大赛始终坚持“以赛促学、以赛促教、以赛促智、以赛促用”的办赛宗旨，本年度影响力再上新台阶。数据显示，大赛共吸引了全国（含香港、澳门特别行政区）804所高校、4150支队伍、逾万名师生报名参与，参赛规模与覆盖广度均创下历届新高。

辽宁赛区半决赛开幕现场

中国信息安全测评中心办公会成员石竑松同志（左）

东北大学副校长王兴伟（右）

浙江赛区半决赛开幕现场

杭州电子科技大学副校长李文钧（左上）

教育部高等学校网络空间安全专业教学指导委员会秘书长封化民（右上）

中国信息安全测评中心副书记吴海燕（左下）

教育部高等学校网络空间安全专业教学指导委员会副主任李建华（右下）

湖北赛区半决赛开幕现场

湖北省东西湖区人民政府区长周明（左）

中国信息安全测评中心副主任李云祺（中）

武汉大学党委副书记屈文谦（右）

广东赛区半决赛开幕现场

中国信息安全测评中心办公会成员吴润浦（左）

广东外语外贸大学党委书记石佑启（右）

重庆赛区半决赛开幕现场

重庆邮电大学副校长李伟生（左）

中国信息安全测评中心副主任张涛（右）

陕西赛区半决赛开幕现场

西安邮电大学校长卢光跃（左）

中国信息安全测评中心副主任温哲（右）

【赛制与激励：双轨并进，激发人才活力】

经过长达8小时的激烈角逐，各赛区前25支队伍（全国共150支队伍）凭借卓越的表现成功晋级第三届“长城杯”网数智安全大赛（防护赛）决赛。同时，六大分赛区共产生80支队伍晋级第十九届全国大学生信息安全竞赛（创新实践能力赛）总决赛。晋级名单将在赛事官方网站（http://www.ciscn.cn和http://ccb.itsec.gov.cn/）公布。此外，各赛区排名前25位的参赛队伍获得奖金，所有半决赛参赛选手获颁国家信息安全水平考试（NISP）一级证书，这不仅是对他们专业能力的认可，也是对他们未来职业发展的有力支持。

辽宁赛区比赛现场

浙江赛区比赛现场

湖北赛区比赛现场

广东赛区比赛现场

重庆赛区比赛现场

陕西赛区比赛现场

【赛区战报：精英对决，荣耀时刻】

在各个赛区的半决赛中，都上演了一场场精彩绝伦的对决。辽宁赛区半决赛由东北大学举办，来自哈尔滨工业大学、北京邮电大学、中国人民公安大学的队伍分别取得辽宁赛区半决赛前三名。

辽宁赛区半决赛颁奖现场

浙江赛区半决赛由杭州电子科技大学举办，来自浙江大学、上海交通大学、宁波工程学院的队伍分别取得浙江赛区半决赛前三名。

浙江赛区半决赛颁奖现场

湖北赛区半决赛由武汉大学举办，来自郑州轻工业大学、郑州大学、中国人民警察大学的队伍分别取得湖北赛区半决赛前三名。

湖北赛区半决赛颁奖现场

广东赛区半决赛由广东外语外贸大学举办，来自江西警察学院、南昌大学、广东外语外贸大学的队伍分别取得广东赛区半决赛前三名。

广东赛区半决赛颁奖现场

重庆赛区半决赛由重庆邮电大学举办，来自国防科技大学、四川大学、电子科技大学的队伍分别取得重庆赛区半决赛前三名。

重庆赛区半决赛颁奖现场

陕西赛区半决赛由西安邮电大学举办，前三名由西安理工大学的一支队伍和兰州大学的两支队伍包揽。

陕西赛区半决赛颁奖现场

随着半决赛的胜利举办，第三届“长城杯”网数智安全大赛（防护赛）决赛将于2026年4月28日在福州与第九届数字中国建设峰会同期举行。这将是网络安全领域的一次巅峰对决，也是对未来安全防御的一次重要预演。期待各位选手在终极对决中勇立潮头，用创新思维攻克网数智安全难关，以青春之名为网络强国建设注入澎湃动能。

山卡拉

联合国警告地球气候愈发失衡

Solidot

2 days 8 hours ago

根据世界气象组织（WMO）报告，随着温室气体浓度驱动的大气和海洋持续变暖以及冰层融化，地球气候失衡比观测史上任何时候都更加严重。WMO《2025年全球气候状况》报告确认：2015-2025 年是有记录以来最热的 11 年，2025 年是有记录以来第二热或第三热年份，比 1850-1900 年的平均水平约高出 1.43°C。世界各地的极端事件，包括酷热、暴雨和热带气旋，造成了干扰和破坏，凸显了互为关联的经济与社会的脆弱性。海洋在持续变暖并吸收二氧化碳。在过去的二十年里，海洋每年吸收的能量相当于人类每年所用能量的十八倍。报告称，北极的年度海冰范围处于或接近历史最低水平，南极海冰范围是有记录以来的第三低，冰川融化持续有增无减。联合国秘书长安东尼奥·古特雷斯表示，“人类刚刚经历了有记录以来最热的十一年。历史重演了十一次，这已不再是巧合。这是行动呼吁。”

CVE-2026-4617 | SourceCodester Patients Waiting Area Queue Management System 1.0 Patient Check-In api_patient_checkin.php ValidateToken improper authorization

VulDB Recent Entries

2 days 8 hours ago

A vulnerability, which was classified as critical, was found in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. This vulnerability is registered as CVE-2026-4617. It is possible to launch the attack remotely. Furthermore, an exploit is available.

vuldb.com