Aggregator

CVE-2026-3261 | itsourcecode School Management System 1.0 Setting /settings/index.php ID sql injection

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability classified as critical has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2026-3261. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-2680 | A3factura Web Platform 4.111.2-rev.1 salesDeliveryNotes customerVATNumber cross site scripting (EUVD-2026-8852)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability described as problematic has been identified in A3factura Web Platform 4.111.2-rev.1. This affects an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes. The manipulation of the argument customerVATNumber results in cross site scripting. This vulnerability is reported as CVE-2026-2680. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2026-2679 | A3factura Web Platform 4.111.2-rev.1 salesInvoices customerName cross site scripting (EUVD-2026-8851)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability marked as problematic has been reported in A3factura Web Platform 4.111.2-rev.1. The impacted element is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/salesInvoices. The manipulation of the argument customerName leads to cross site scripting. This vulnerability is documented as CVE-2026-2679. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2026-2678 | A3factura Web Platform 4.111.2-rev.1 on A3factura customers Name cross site scripting (EUVD-2026-8850)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability labeled as problematic has been found in A3factura Web Platform 4.111.2-rev.1 on A3factura. The affected element is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/customers. Executing a manipulation of the argument Name can lead to cross site scripting. This vulnerability is registered as CVE-2026-2678. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2026-2677 | A3factura Web Platform 4.111.2-rev.1 representatives-management Name cross site scripting (EUVD-2026-8849)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability identified as problematic has been detected in A3factura Web Platform 4.111.2-rev.1. Impacted is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/representatives-management. Performing a manipulation of the argument Name results in cross site scripting. This vulnerability is cataloged as CVE-2026-2677. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2026-1198 | Simple SA Simple.ERP up to [email protected]_u05 Obroty na kontach search sql injection

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in Simple SA Simple.ERP up to [email protected]_u05. It has been rated as critical. This vulnerability affects the function Search of the component Obroty na kontach. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-1198. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

Abyss

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

CVE-2025-64999 | Checkmk up to 2.3.0p42/2.4.0p21 Synthetic Monitoring HTML Log HTML injection

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in Checkmk up to 2.3.0p42/2.4.0p21. It has been declared as problematic. This affects an unknown part of the component Synthetic Monitoring HTML Log. The manipulation results in HTML injection. This vulnerability is identified as CVE-2025-64999. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

Sophisticated SeaFlower Backdoor Campaign Targets Web3 Wallets to Steal Seed Phrases

Cyber Security News
1 month 2 weeks ago

A highly sophisticated and previously unreported threat campaign dubbed SeaFlower (藏海花) has been actively targeting users of popular Web3 cryptocurrency wallets, embedding stealthy backdoors into cloned versions of legitimate applications to silently steal seed phrases and drain victims’ funds. The campaign is considered one of the most technically advanced threats to Web3 users ever documented, […]

The post Sophisticated SeaFlower Backdoor Campaign Targets Web3 Wallets to Steal Seed Phrases appeared first on Cyber Security News.

Tushar Subhra Dutta

Wireshark 4.6.4 Released With Fix for Multiple Security Vulnerabilities

Cyber Security News
1 month 2 weeks ago

The Wireshark Foundation has officially released Wireshark 4.6.4, a significant maintenance update for the world’s most popular network protocol analyzer. This release addresses multiple security vulnerabilities and resolves various functional bugs that could impact stability and performance. Network administrators, security analysts, and developers rely on Wireshark for troubleshooting and education. This update is particularly critical […]

The post Wireshark 4.6.4 Released With Fix for Multiple Security Vulnerabilities appeared first on Cyber Security News.

Abinaya

Fraudsters integrate ChatGPT into global scam campaigns

Help Net Security
1 month 2 weeks ago

AI models are being folded into fraud and influence operations that follow long standing tactics. A February 2026 update to OpenAI’s Disrupting Malicious Uses of Our Models report details how ChatGPT and related API access were used in romance scams, fake legal services, coordinated influence campaigns, and a state linked harassment effort. Six tweets whose text matches a batch of comments generated by the main ChatGPT account in this operation, and posted online by six … More →

The post Fraudsters integrate ChatGPT into global scam campaigns appeared first on Help Net Security.

Anamarija Pogorelec

Managed ad