Aggregator

phpMyFAQ 4.0.16 - Improper Authorization

GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation

Craft CMS 5.6.16 - RCE

HAX CMS 24.x - Stored Cross-Site Scripting (XSS)

# Exploit Title: JuzaWeb CMS 3.4.2 - Authenticate

# Exploit Title: GUnet OpenEclass E-learning plat

# Exploit Title: OpenKM Multiple Critical Zero-Da

# Exploit Title: OpenWrt 23.05 - Authenticated Re

# Exploit Title: FacturaScripts 2025.43 - XSS# D

// Exploit Title: Atlona AT-OME-RX21 Authenticate

Exploit Title: Fedora Local Privilege Escalation

# Exploit Title: Xibo CMS - Authenticated Remote

# Exploit Title: LangChain Core - SSTI/RCE # Dat

4 min readWhat began as a routine staging task for a SaaS startup ended in a disaster that  would have been unthinkable just months ago: an AI agent operating as a super insider threat and triggering a worst-case production failure. In a detailed X post, Jer Crane, founder of PocketOS, a software platform for the rental car […]

The post How a Long-Lived API Credential Let an AI Agent Delete Production Data appeared first on Aembit.

The post How a Long-Lived API Credential Let an AI Agent Delete Production Data appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. This vulnerability is referenced as CVE-2026-7071. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The identification of this vulnerability is CVE-2026-7070. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in randombit botan up to 3.10.x. Impacted is an unknown function of the component X509 Path Validation Handler. This manipulation causes improper verification of cryptographic signature. This vulnerability is handled as CVE-2026-32883. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in randombit botan up to 3.10.x. Impacted is an unknown function. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-32877. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in uriparser up to 1.0.0. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component URI Handler. The manipulation leads to numeric truncation error. This vulnerability is uniquely identified as CVE-2026-42371. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Xuxueli xxl-job up to 3.3.2. It has been declared as critical. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key . This vulnerability is referenced as CVE-2026-7306. It is possible to launch the attack remotely. Furthermore, an exploit is available.