A vulnerability classified as problematic was found in Decidim up to 0.30.4/0.31.0. This issue affects some unknown processing. Manipulating the argument Name can lead to cross-site scripting.
This vulnerability is handled as CVE-2026-23891. The attack can be executed remotely. No exploit is available.
Upgrading the affected component is advised.
A vulnerability classified as problematic has been found in HAProxy up to 3.3.5. This vulnerability affects unknown code of the component HTTP3 Parser. Performing a manipulation results in improper handling of length parameter inconsistency.
This vulnerability is known as CVE-2026-33555. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
A vulnerability described as critical has been identified in SourceCodester Online Thesis Archiving System 1.0. This affects an unknown part of the file /otas/admin/curriculum/manage_curriculum.php. Such manipulation leads to SQL injection.
This vulnerability is tracked as CVE-2026-36952. The attack may be launched remotely. There is no exploit available.
A vulnerability marked as critical has been reported in SourceCodester Online Thesis Archiving System 1.0. Affected by this issue is some unknown functionality of the file /otas/projects_per_department.php. This manipulation causes SQL injection.
This vulnerability appears as CVE-2026-36950. The attack may be initiated remotely. There is no available exploit.
A vulnerability labeled as critical has been found in SourceCodester Online Thesis Archiving System 1.0. Affected by this vulnerability is an unknown functionality of the file /otas/view_archive.php. The manipulation results in SQL injection.
This vulnerability is reported as CVE-2026-36948. The attack can be launched remotely. No exploit exists.
A vulnerability identified as problematic has been detected in ChurchCRM up to 6.x. Affected is an unknown function of the file DonatedItemEditor.php. The manipulation leads to an open redirect.
This vulnerability is documented as CVE-2026-39940. The attack can be initiated remotely. No exploit is available.
You should upgrade the affected component.
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]
Booking.com has confirmed via a statement to BleepingComputer that it has detected unauthorized access to its systems that has exposed sensitive reservation and user data. [...]
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT.
A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect system metadata.
"One of the
A vulnerability has been found in SourceCodester Computer and Mobile Repair Shop Management System 1.0 and classified as critical. This impacts an unknown function of the file /rsms/admin/inquiries/view_details.php. This manipulation causes SQL injection.
This vulnerability is tracked as CVE-2026-36946. The attack can be carried out remotely. No exploit exists.
A vulnerability was found in SourceCodester Computer and Mobile Repair Shop Management System 1.0 and classified as critical. Affected is an unknown function of the file /rsms/admin/services/view_service.php. Such manipulation leads to SQL injection.
This vulnerability is listed as CVE-2026-36947. The attack may be performed remotely. There is no available exploit.