Aggregator

AI又多了个新炒点

​是时候打破运动行业的「苦难叙事」了。

A vulnerability was found in code-projects Online Reviewer System 1.0. It has been classified as critical. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. This vulnerability is uniquely identified as CVE-2026-2166. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Totolink WA300 5.2cu.7112_B20190227. It has been declared as critical. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. This vulnerability was named CVE-2026-2167. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in D-Link DWR-M921 1.1.50. It has been rated as critical. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The identification of this vulnerability is CVE-2026-2168. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. This vulnerability is referenced as CVE-2026-2169. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to sql injection. This vulnerability is tracked as CVE-2026-2172. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as critical. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. This vulnerability is traded as CVE-2026-2177. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

马斯克称苹果造车项目曾疯狂从特斯拉挖人； Netflix 827 亿美元收购华纳兄弟探索遭美司法部调查，聚焦垄断行为； 《华盛顿邮报》裁员数百人后贝索斯决策遭质疑，CEO 刘易斯宣布辞职

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party […]

采用多层加密的CS样本分析

Bitter APT组织最新accdr攻击样本分析

Currently trending CVE - Hype Score: 1 - The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server ...

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as critical. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2026-2179. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Tenda RX3 16.03.13.11. It has been declared as critical. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-2180. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Tenda RX3 16.03.13.11. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. This vulnerability was named CVE-2026-2181. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The identification of this vulnerability is CVE-2026-2182. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. This vulnerability is referenced as CVE-2026-2183. Remote exploitation of the attack is possible. No exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The code repository of the project has not been active for many years.