Aggregator

CVE-2026-7114 | code-projects Employee Management System 1.0 370project/edit.php ID sql injection (EUVD-2026-25820)

1 month 3 weeks ago

A vulnerability marked as critical has been reported in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2026-7114. The attack may be initiated remotely. In addition, an exploit is available.

vuldb.com

CVE-2026-7115 | code-projects Employee Management System 1.0 370project/delete.php ID sql injection (EUVD-2026-25821)

Vuldb Updates

1 month 3 weeks ago

A vulnerability described as critical has been identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2026-7115. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2026-22337 | Directorist Social Login Plugin up to 2.1.1 on WordPress improper authentication (EUVD-2026-25814)

Vuldb Updates

1 month 3 weeks ago

A vulnerability has been found in Directorist Social Login Plugin up to 2.1.1 on WordPress and classified as critical. Affected by this issue is some unknown functionality. Performing a manipulation results in improper authentication. This vulnerability is identified as CVE-2026-22337. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

Scaling Our Vision: Welcoming Tamar Nulman and Omri Arnon to the Legit Team

Security Boulevard

1 month 3 weeks ago

The post Scaling Our Vision: Welcoming Tamar Nulman and Omri Arnon to the Legit Team appeared first on Security Boulevard.

Roni Fuchs

CVE-2022-21722 | PJSIP up to 2.11.1 RTP/RTCP out-of-bounds (GHSA-m66q-q64c-hv36 / EUVD-2022-26904)

Vuldb Updates

1 month 3 weeks ago

A vulnerability labeled as problematic has been found in PJSIP up to 2.11.1. Affected by this issue is some unknown functionality of the component RTP/RTCP. Executing a manipulation can lead to out-of-bounds read. This vulnerability appears as CVE-2022-21722. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.

vuldb.com

CVE-2022-21723 | PJSIP up to 2.11.1 SIP Message out-of-bounds (GHSA-7fw8-54cv-r7pm / EUVD-2022-26905)

Vuldb Updates

1 month 3 weeks ago

A vulnerability marked as problematic has been reported in PJSIP up to 2.11.1. This affects an unknown part of the component SIP Message. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-21723. It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

vuldb.com

CVE-2018-11804 | Spark 1.3.x Zinc Server Request input validation (EUVD-2022-2689 / ID 38748)

Vuldb Updates

1 month 3 weeks ago

A vulnerability was found in Spark 1.3.x. It has been declared as problematic. Impacted is an unknown function of the component Zinc Server. The manipulation as part of Request results in improper input validation. This vulnerability is reported as CVE-2018-11804. The attack can be launched remotely. No exploit exists.

vuldb.com

CVE-2022-21682 | Flatpak up to 1.10.5/1.12.2 path traversal (GHSA-8ch7-5j3h-g4fx / EUVD-2022-26892)

Vuldb Updates

1 month 3 weeks ago

A vulnerability labeled as critical has been found in Flatpak up to 1.10.5/1.12.2. Affected by this vulnerability is an unknown functionality. The manipulation results in path traversal. This vulnerability is known as CVE-2022-21682. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

vuldb.com

CVE-2022-21669 | PuddingBot up to 0.0.6-b933652 main.py hard-coded credentials (GHSA-cxgr-xpmj-9qjm / EUVD-2022-26884)

Vuldb Updates

1 month 3 weeks ago

A vulnerability identified as critical has been detected in PuddingBot up to 0.0.6-b933652. This vulnerability affects unknown code of the file main.py. Performing a manipulation results in hard-coded credentials. This vulnerability is reported as CVE-2022-21669. The attacker must have access to the local network to execute the attack. No exploit exists.

vuldb.com

杀虫剂导致北美蝴蝶数量大减

Solidot

1 month 3 weeks ago

2025 年 3 月科学家在《科学》期刊上发表研究，Xerces Society for Invertebrate Conservation 保护协会随后发表了蝴蝶现状报告。研究发现，从 2000 年到 2020 年全美蝴蝶总数下降了 22%，有 24 种蝴蝶数量下降 90% 或以上。杀虫剂被认为是导致这一结果的主要原因。1960 年代化学公司研制出了强效杀虫剂滴滴涕（DDT），公众对滴滴涕的反对促使企业研制出弱化对人类伤害但强化对昆虫杀伤力的新杀虫剂。多种混合型杀虫剂的使用导致蝴蝶等昆虫在 21 世纪加速减少。生态学家 Matt Forister 等人在《Environmental Toxicology and Chemistry》期刊上报告，他们分析了 336 株植物只有 22 株植物没有检测到农药残留。这些植物至少含有三种化学物质，其中 71 株植物的农药浓度对蝴蝶而言是致命或接近致命。在 2022 年的一项类似研究中，Forister 团队分析了 33 家苗圃出售的 235 株乳草（对帝王蝶至关重要的植物），发现每株植物平均含有 12.2 种杀虫剂。

Hackers Using Fake Income Tax Department’s Notice to Deploy Malware

Cyber Security News

1 month 3 weeks ago

A new phishing campaign is actively targeting Indian taxpayers and businesses by impersonating the Income Tax Department of India. Threat actors have built convincing fake websites that look nearly identical to official government portals, using urgent language to pressure victims into downloading malware-laced files without hesitation. The attack relies on a fraudulent website displaying the […]

The post Hackers Using Fake Income Tax Department’s Notice to Deploy Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Если у вас техника от Samsung или D-Link, у нас плохие новости. Ваши устройства официально признали легкой добычей

Securitylab.ru

1 month 3 weeks ago

Зафиксированы массовые атаки на устаревшее оборудование D-Link с использованием свежей уязвимости.

China-Backed Groups are Using Massive Botnets in Espionage, Intrusion Campaigns

Security Boulevard

1 month 3 weeks ago

China-sponsored threat groups like Salt Typhoon and Flax Typhoon are increasingly relying on multiple massive botnets comprising edge and IoT devices to run their cyber espionage and network intrusion campaigns, CISA and other security agencies say. The use of such "covert networks" makes it more difficult to detect and mitigate their campaigns.

The post China-Backed Groups are Using Massive Botnets in Espionage, Intrusion Campaigns appeared first on Security Boulevard.

Jeffrey Burt

AI能在15分钟内武器化CVE漏洞么？答案是能

洞源实验室

1 month 3 weeks ago

这是一篇迟到的文章，至少相比现在AI发展的速度，但其思路依然适用于当前的CVE漏洞分析，甚至会因为目前更强的模型而变得更强。在 AI 技术快速变革的当下，除了模型能力之外，我们更应当多思考如何基于 AI 构建和形成有效的工作流。

INC

Dark Feed IO

1 month 3 weeks ago

You must login to view this content

cohenido

发改委要求撤销对 Manus 的收购

Solidot

1 month 3 weeks ago

国家发展改革委周一发布通报，外商投资安全审查工作机制办公室（国家发改委）依法依规对外资收购 Manus 项目作出禁止投资决定，要求当事人撤销该收购交易。《外商投资安全审查办法》于 2020 年 12 月 19 日由国家发展改革委、商务部联合发布，自 2021 年 1 月 18 日开始施行，对适用审查的外商投资类型、审查机构、审查范围、审查程序、审查决定监督执行和违规处理等进行规定。跟据该文件，国家建立外商投资安全审查工作机制，工作机制办公室设在国家发展改革委，由国家发展改革委、商务部牵头，承担外商投资安全审查的日常工作。

UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

Hack Read

1 month 3 weeks ago

UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks.

Deeba Ahmed

CVE-2024-57728

CVE Trends

1 month 3 weeks ago

Currently trending CVE - Hype Score: 1 - SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

CVE-2024-57726

CVE Trends

1 month 3 weeks ago

Currently trending CVE - Hype Score: 2 - SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

CVE-2025-53521

CVE Trends

1 month 3 weeks ago

Currently trending CVE - Hype Score: 8 - When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Aggregator

Managed ad