Aggregator

CVE-2026-7510 | OWAP DefectDojo up to 2.55.4 Benchmark/Engagement/Product/Survey authorization (Bug 14375)

1 month 3 weeks ago

A vulnerability described as critical has been identified in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. This vulnerability is handled as CVE-2026-7510. The attack can be executed remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.

vuldb.com

Submit #803751: OWASP DefectDojo < 2.56.0 Authorization Bypass [Accepted]

Vuldb Submit

1 month 3 weeks ago

Submit #803751 / VDB-360317

noname1337

Popular Python Package lightning Hacked in Supply Chain Attack

Cyber Security News

1 month 3 weeks ago

The widely used PyTorch Lightning framework, which automatically executes credential-stealing malware on import, has also compromised GitHub maintainer accounts. The popular PyPI package lightning — the deep learning framework used to train, deploy, and ship AI products has been compromised in an active supply chain attack. Socket’s Research Team flagged versions 2.6.2 and 2.6.3 as […]

Guru Baran

国际刑警DDoS蜜罐意外曝光：安全研究员意外逼停执法行动

黑鸟

1 month 3 weeks ago

2026 年 4 月，一位名为 Lina 的安全研究员在个人博客上分享了一段令人啼笑皆非的经历。

CVE-2026-7508 | Bootstrap CMS 0.9.0-alpha Page Creation show.blade.php body code injection

VulDB Recent Entries

1 month 3 weeks ago

A vulnerability marked as critical has been reported in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2026-7508. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The code repository of the project has not been active for many years.

vuldb.com

UserGate предупреждает: ProFTPD с открытым модулем SQL можно взломать за секунды

Securitylab.ru

1 month 3 weeks ago

8,1 балла опасности: в ProFTPD нашли дыру, доступную без учётной записи.

Email threat landscape: Q1 2026 trends and insights

Threat intelligence | Microsoft Security Blog

1 month 3 weeks ago

In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics.

The post Email threat landscape: Q1 2026 trends and insights appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence and Microsoft Defender Security Research Team

Two new extortion crews are speedrunning the Scattered Spider playbook

CyberScoop

1 month 3 weeks ago

CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion.

The post Two new extortion crews are speedrunning the Scattered Spider playbook appeared first on CyberScoop.

Matt Kapko

Email threat landscape: Q1 2026 trends and insights

Threat intelligence | Microsoft Security Blog

1 month 3 weeks ago

The post Email threat landscape: Q1 2026 trends and insights appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence and Microsoft Defender Security Research Team

Deep#Door Python Backdoor Evades Detection On Windows

Information Security Magazine

1 month 3 weeks ago

Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials

Submit #803531: Bootstrap CMS v0.9.0-alpha Bootstrap CMS [Accepted]

Vuldb Submit

1 month 3 weeks ago

Submit #803531 / VDB-360316

fortuneh2c

CVE-2026-7506 | SourceCodester Hotel Management System 1.0 check room_type sql injection

VulDB Recent Entries

1 month 3 weeks ago

A vulnerability labeled as critical has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type leads to sql injection. This vulnerability is traded as CVE-2026-7506. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2026-7505 | nextlevelbuilder GoClaw/GoClaw Lite up to 3.8.5 RPC improper authorization (Issue 866)

VulDB Recent Entries

1 month 3 weeks ago

A vulnerability identified as critical has been detected in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. This vulnerability appears as CVE-2026-7505. The attack may be initiated remotely. In addition, an exploit is available. You should upgrade the affected component.

vuldb.com

Submit #803492: SourceCodester Hotel Management System in PHP using CodeIgniter Framework Free Source Code V1.0 SQL Injection [Accepted]

Vuldb Submit

1 month 3 weeks ago

Submit #803492 / VDB-360315

wangzhongyang085

GNU security advisory (AV26-407)

CCCS - Alerts and advisories

1 month 3 weeks ago

Canadian Centre for Cyber Security

Submit #803458: Goclaw V0.4.0 Command execution [Accepted]

Vuldb Submit

1 month 3 weeks ago

Submit #803458 / VDB-360314

AiSec

CVE-2026-7503 | code-projects for Plugin 4.1.2cu.5137 /cgi-bin/cstecgi.cgi setWiFiMultipleConfig wepkey2 buffer overflow

VulDB Recent Entries

1 month 3 weeks ago

A vulnerability categorized as critical has been discovered in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. This vulnerability is reported as CVE-2026-7503. The attack can be launched remotely. Moreover, an exploit is present.

vuldb.com