Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.121/6.6.67/6.12.6. The affected element is the function memset. The manipulation results in null pointer dereference. This vulnerability was named CVE-2024-46896. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Inventory Management System 1.0. This affects an unknown function of the component Add Member Section. Such manipulation of the argument Name/Address/Company leads to cross site scripting. This vulnerability is listed as CVE-2023-39714. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Inventory Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Subtotal/Paidbill leads to cross site scripting. This vulnerability is documented as CVE-2023-39711. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Inventory Management System 1.0. The impacted element is an unknown function of the component Add New Put Section. The manipulation of the argument Name/Address/Company results in cross site scripting. This vulnerability was named CVE-2023-39712. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as critical has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2026-1425. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability was found in PHPGurukul News Portal 1.0. It has been rated as critical. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2026-1424. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #736827 / VDB-342841

Submit #736668 / VDB-341733

Submit #736637 / VDB-342840

A vulnerability was found in code-projects Online Examination System 1.0. It has been declared as critical. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to unrestricted upload. This vulnerability appears as CVE-2026-1423. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in code-projects Online Examination System 1.0. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. This vulnerability is reported as CVE-2026-1422. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in code-projects Online Examination System 1.0 and classified as problematic. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-1421. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. This vulnerability is registered as CVE-2026-1420. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #736607 / VDB-342839

Submit #736606 / VDB-342838

Submit #736605 / VDB-342837

Новый раунд сокращений в компании начнется уже на следующей неделе.

Submit #736559 / VDB-342836

Кварки — это жидкость. Живите с этим.

Name: 0xL4ugh CTF v5 (an 0xL4ugh CTF event.)
Date: Jan. 23, 2026, 1 p.m. — 25 Jan. 2026, 13:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.0xL4ugh.com/
Rating weight: 29.19
Event organizers: 0xL4ugh