Aggregator

A vulnerability was found in code-projects Smart Parking System 1.0. It has been declared as critical. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-10243. It is possible to launch the attack remotely. Furthermore, an exploit is available. Multiple endpoints are affected.

Submit #824023 / VDB-367527

A vulnerability was found in itsourcecode Content Management System 1.0. It has been classified as critical. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topic_id causes sql injection. The identification of this vulnerability is CVE-2026-10242. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #824029 / VDB-367526

Submit #823943 / VDB-367525

Submit #823941 / VDB-367524

Submit #823937 / VDB-367523

Submit #823931 / VDB-367522

Threat actors are aggressively exploiting premium artificial intelligence ecosystems like ChatGPT and Claude to orchestrate sophisticated phishing campaigns. Specifically, adversaries favor these platforms due to their massive organic search volumes. Furthermore, malicious actors repurpose...

The post The Algorithmic Illusion: Threat Actors Weaponize Generative AI Shared Tunnels for Phishing appeared first on Information Security News.

Submit #823871 / VDB-367521

Rapid7 зафиксировала реальные случаи взлома сетей через дыру в GlobalProtect.

Submit #823558 / VDB-367520

Secret Prompt Injection in Production Updates The open-source library jqwik recently deployed hidden behavioral instructions within its v1.10.0 update. Specifically, this modification was silently introduced on May 25, 2026. Consequently, downstream artificial intelligence developers...

The post The Sabotage of Automation: Open-Source Project jqwik Poisoned Against AI Agents appeared first on Information Security News.

A vulnerability was found in jeecgboot The server processes these URLs up to 3.9.1 and classified as critical. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. This vulnerability was named CVE-2026-10241. The attack may be performed from remote. In addition, an exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in JeecgBoot up to 3.9.2 and classified as critical. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2026-10240. The attack is possible to be carried out remotely. Moreover, an exploit is present. A fix is planned for the upcoming release.

A vulnerability, which was classified as critical, was found in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. This vulnerability is handled as CVE-2026-10239. The attack can be executed remotely. Additionally, an exploit exists. A fix is planned for the upcoming release.

Submit #823268 / VDB-367519

Submit #823267 / VDB-367518

Submit #823266 / VDB-367517

8 млрд долларов крипты, 275 задержанных и 7000 отключённых Starlink-терминалов.