Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections.
"Authentication bypass vulnerabilities in the
A vulnerability was found in Open5GS up to 2.7.6. It has been rated as critical. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication.
This vulnerability is tracked as CVE-2026-10157. The attack can be initiated remotely. Furthermore, an exploit is available.
It is suggested to install a patch to address this issue.
A vulnerability was found in Open5GS up to 2.7.7. It has been declared as problematic. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead to resource consumption.
This vulnerability appears as CVE-2026-10156. The attack may be performed remotely. In addition, an exploit is available.
Applying a patch is advised to resolve this issue.
The issue report is flagged as already-fixed.
A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. It has been classified as critical. The impacted element is the function accounts_report_search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDate results in SQL injection.
This vulnerability is reported as CVE-2026-10155. The attack can be carried out remotely. Moreover, an exploit is available.
A vulnerability was found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2 and classified as critical. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass.
This vulnerability is documented as CVE-2026-10154. The attack can be executed remotely. No exploit is available.
It is suggested to upgrade the affected component.
A vulnerability has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab and classified as problematic. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross-site scripting.
This vulnerability is registered as CVE-2026-10153. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability, which was classified as critical, was found in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls.
This vulnerability is cataloged as CVE-2026-10152. The attack may be launched remotely. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.