Qwen без тормозов: китайскую языковую модель разблокировали на полную. Отказов — ноль, свободы — море
Новая ИИ-модель прошла сотни проверок на цензуру.
Aggregator
CVE-2026-2275 | CrewAI 1.0 SandboxPython routine
3 weeks 4 days ago
A vulnerability labeled as critical has been found in CrewAI 1.0. Affected is an unknown function of the component SandboxPython. The manipulation results in exposed dangerous routine.
This vulnerability is known as CVE-2026-2275. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-30561 | SourceCodester Sales and Inventory System 1.0 Parameter add_purchase.php msg cross site scripting
3 weeks 4 days ago
A vulnerability identified as problematic has been detected in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file add_purchase.php of the component Parameter Handler. The manipulation of the argument msg leads to cross site scripting.
This vulnerability is traded as CVE-2026-30561. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-30559 | SourceCodester Sales and Inventory System 1.0 Parameter add_sales.php msg cross site scripting
3 weeks 4 days ago
A vulnerability categorized as problematic has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file add_sales.php of the component Parameter Handler. Executing a manipulation of the argument msg can lead to cross site scripting.
This vulnerability appears as CVE-2026-30559. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2026-30558 | SourceCodester Sales and Inventory System 1.0 Parameter add_customer.php msg cross site scripting
3 weeks 4 days ago
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. It has been rated as problematic. The impacted element is an unknown function of the file add_customer.php of the component Parameter Handler. Performing a manipulation of the argument msg results in cross site scripting.
This vulnerability is reported as CVE-2026-30558. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2026-30562 | SourceCodester Sales and Inventory System 1.0 Parameter add_stock.php msg cross site scripting
3 weeks 4 days ago
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. It has been declared as problematic. The affected element is an unknown function of the file add_stock.php of the component Parameter Handler. Such manipulation of the argument msg leads to cross site scripting.
This vulnerability is documented as CVE-2026-30562. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-30560 | SourceCodester Sales and Inventory System 1.0 Parameter add_supplier.php msg cross site scripting
3 weeks 4 days ago
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. It has been classified as problematic. Impacted is an unknown function of the file add_supplier.php of the component Parameter Handler. This manipulation of the argument msg causes cross site scripting.
This vulnerability is registered as CVE-2026-30560. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-29954 | KubePlus 4.1.4 webhook/kubeconfiggenerator ResourceComposition chartURL injection
3 weeks 4 days ago
A vulnerability was found in KubePlus 4.1.4 and classified as problematic. This issue affects the function ResourceComposition of the component webhook/kubeconfiggenerator. The manipulation of the argument chartURL results in injection.
This vulnerability is cataloged as CVE-2026-29954. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-5170 | MongoDB Server up to 7.0.30/8.0.17/8.2.1 assertion
3 weeks 4 days ago
A vulnerability has been found in MongoDB Server up to 7.0.30/8.0.17/8.2.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to reachable assertion.
This vulnerability is listed as CVE-2026-5170. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-30556 | SourceCodester Sales and Inventory System 1.0 Parameter index.php msg cross site scripting
3 weeks 4 days ago
A vulnerability, which was classified as problematic, was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file index.php of the component Parameter Handler. Executing a manipulation of the argument msg can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-30556. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-30557 | SourceCodester Sales and Inventory System 1.0 Parameter add_category.php msg cross site scripting
3 weeks 4 days ago
A vulnerability, which was classified as problematic, has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file add_category.php of the component Parameter Handler. Performing a manipulation of the argument msg results in cross site scripting.
This vulnerability is identified as CVE-2026-30557. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
Exposed Server Reveals TheGentlemen Ransomware Toolkit, Victim Credentials, and Ngrok Tokens
3 weeks 4 days ago
A misconfigured server hosted on a Russian bulletproof hosting provider has exposed the complete operational toolkit of a TheGentlemen ransomware affiliate, including harvested victim credentials and plaintext authentication tokens used to establish hidden remote access tunnels. TheGentlemen ransomware group operates as a Ransomware-as-a-Service, or RaaS, operation where affiliates carry out attacks using shared tools and […]
The post Exposed Server Reveals TheGentlemen Ransomware Toolkit, Victim Credentials, and Ngrok Tokens appeared first on Cyber Security News.
Tushar Subhra Dutta
The Gentleman
3 weeks 4 days ago
You must login to view this content
cohenido
The Gentleman
3 weeks 4 days ago
You must login to view this content
cohenido
15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow
3 weeks 4 days ago
15-year-old strongSwan flaw allows attackers to crash VPNs via integer underflow bug, affecting EAP-TTLS plugin and multiple versions worldwide.
Deeba Ahmed
Рефлексия, контракты и безопасность памяти. Почему C++26 называют самым сильным релизом после C++11
3 weeks 4 days ago
Комитет ISO завершил техническую подготовку стандарта C++26.
North Korean IT Worker Allegedly Used Stolen Identity and AI Resume in Job Application Scam
3 weeks 4 days ago
A suspected North Korean operative tried to sneak into a remote job at a cybersecurity firm by using a stolen identity, a fake AI-generated resume, and a VoIP phone number. The case, uncovered in June 2025, shows how North Korea’s state-sponsored IT worker scheme has grown more sophisticated and harder to spot without proper screening. […]
The post North Korean IT Worker Allegedly Used Stolen Identity and AI Resume in Job Application Scam appeared first on Cyber Security News.
Tushar Subhra Dutta
RSAC 2026 is back, and the certificate automation gap is impossible to ignore
3 weeks 4 days ago
RSAC 2026 Conference marked a return to form, more vibrant and better attended than any show I can recall over the past decade. The audience was distinctly international, with strong representation from North America, Europe and Latin America, and it was refreshing to see the energy and overall vibe of the show return to what I remember from RSA at its peak. As expected, hot topics centered on how AI is transforming cybersecurity, alongside growing … More →
The post RSAC 2026 is back, and the certificate automation gap is impossible to ignore appeared first on Help Net Security.
Help Net Security
CrySome RAT Emerges as Advanced .NET Malware With AV Killer and HVNC Capabilities
3 weeks 4 days ago
A new and dangerous piece of malware has surfaced in the threat landscape, and it is built to stay hidden, stay running, and stay in control of any system it infects. CrySome RAT is written in C# and targets the .NET ecosystem, giving attackers complete remote control over compromised Windows machines. From stealing passwords and […]
The post CrySome RAT Emerges as Advanced .NET Malware With AV Killer and HVNC Capabilities appeared first on Cyber Security News.
Tushar Subhra Dutta
Венера не даёт себя изучать, но китайцы придумали, как её обмануть: керамика, лазеры и маленькая хитрость с углекислым газом
3 weeks 4 days ago
Новый проект обещает сделать экспедиции к планете автономными.