Google revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities. Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how the company approaches cybersecurity. The update comes as artificial intelligence tools are reshaping the field […]
A vulnerability was found in Totolink WA300 5.2cu.7112_B20190227 and classified as critical. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection.
This vulnerability is documented as CVE-2026-7721. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability has been found in Totolink WA300 5.2cu.7112_B20190227 and classified as critical. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection.
This vulnerability is registered as CVE-2026-7720. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
A vulnerability, which was classified as critical, was found in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow.
This vulnerability is cataloged as CVE-2026-7719. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability, which was classified as critical, has been found in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection.
This vulnerability is listed as CVE-2026-7718. The attack may be initiated remotely. In addition, an exploit is available.
A vulnerability classified as critical was found in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow.
This vulnerability is tracked as CVE-2026-7717. The attack can be launched remotely. Moreover, an exploit is present.
A vulnerability classified as critical has been found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in SQL injection.
This vulnerability is identified as CVE-2026-7716. The attack can be initiated remotely. Additionally, an exploit exists.
A vulnerability described as critical has been identified in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal.
This vulnerability is referenced as CVE-2026-7715. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability marked as critical has been reported in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication.
The identification of this vulnerability is CVE-2026-7714. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The project was informed of the problem early through a pull request but has not reacted yet.
A vulnerability labeled as critical has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization.
This vulnerability was named CVE-2026-7713. The attack may be performed remotely. In addition, an exploit is available.
The affected component should be upgraded.