CMD
You must login to view this content
Aggregator
Cloud Atlas APT Group Modifies termsrv.dll to Enable Multiple RDP Sessions on Victim Hosts
6 days 10 hours ago
A well-known advanced persistent threat group called Cloud Atlas has been caught using a dangerous technique to hijack Windows systems without alerting anyone on the network. The group modifies a core Windows file called termsrv.dll to unlock multiple simultaneous Remote Desktop Protocol (RDP) sessions on a victim’s computer. This lets attackers work in the background […]
The post Cloud Atlas APT Group Modifies termsrv.dll to Enable Multiple RDP Sessions on Victim Hosts appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2026-48842 | Roundcube Webmail up to 1.6.15/1.7.0 preg_replace sql injection (EUVD-2026-31719)
6 days 10 hours ago
A vulnerability, which was classified as critical, was found in Roundcube Webmail up to 1.6.15/1.7.0. This issue affects the function preg_replace. The manipulation results in sql injection.
This vulnerability is identified as CVE-2026-48842. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-48847 | Roundcube Webmail up to 1.6.15/1.7.0 redis/memcache resource transfer (EUVD-2026-31724)
6 days 10 hours ago
A vulnerability, which was classified as problematic, has been found in Roundcube Webmail up to 1.6.15/1.7.0. This vulnerability affects unknown code of the component redis/memcache. The manipulation leads to incorrect resource transfer.
This vulnerability is referenced as CVE-2026-48847. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-48843 | Roundcube Webmail up to 1.6.15/1.7.0 Mail Message server-side request forgery (EUVD-2026-31718)
6 days 10 hours ago
A vulnerability classified as critical was found in Roundcube Webmail up to 1.6.15/1.7.0. This affects an unknown part of the component Mail Message Handler. Executing a manipulation can lead to server-side request forgery.
The identification of this vulnerability is CVE-2026-48843. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-48845 | Roundcube Webmail up to 1.6.15/1.7.0 Email Message resource transfer (EUVD-2026-31720)
6 days 10 hours ago
A vulnerability classified as critical has been found in Roundcube Webmail up to 1.6.15/1.7.0. Affected by this issue is some unknown functionality of the component Email Message Handler. Performing a manipulation results in incorrect resource transfer.
This vulnerability was named CVE-2026-48845. The attack may be initiated remotely. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-48848 | Roundcube Webmail up to 1.6.15/1.7.0 SVG Document attributeName cross site scripting (EUVD-2026-31727)
6 days 10 hours ago
A vulnerability described as problematic has been identified in Roundcube Webmail up to 1.6.15/1.7.0. Affected by this vulnerability is an unknown functionality of the component SVG Document Handler. Such manipulation of the argument attributeName leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2026-48848. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-48844 | Roundcube Webmail up to 1.6.15/1.7.0 LDAP control flow (EUVD-2026-31717)
6 days 10 hours ago
A vulnerability marked as problematic has been reported in Roundcube Webmail up to 1.6.15/1.7.0. Affected is an unknown function of the component LDAP. This manipulation causes incorrect control flow.
This vulnerability is handled as CVE-2026-48844. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-24546 | Ruben Garcia GamiPress Plugin up to 7.6.3 on WordPress authorization (EUVD-2026-31723)
6 days 10 hours ago
A vulnerability labeled as problematic has been found in Ruben Garcia GamiPress Plugin up to 7.6.3 on WordPress. This impacts an unknown function. The manipulation results in missing authorization.
This vulnerability is known as CVE-2026-24546. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-48846 | Roundcube Webmail up to 1.6.15/1.7.0 CSS var resource transfer (EUVD-2026-31725)
6 days 10 hours ago
A vulnerability identified as critical has been detected in Roundcube Webmail up to 1.6.15/1.7.0. This affects the function var of the component CSS Handler. The manipulation leads to incorrect resource transfer.
This vulnerability is traded as CVE-2026-48846. It is possible to initiate the attack remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
Submit #813938: TOTOLink CA750-PoE V6.2c.510 Command Injection [Accepted]
6 days 10 hours ago
Submit #813938 / VDB-365561
Buoy_yes
Submit #813937: TOTOLink CA750-PoE V6.2c.510 Command Injection [Accepted]
6 days 10 hours ago
Submit #813937 / VDB-365560
Buoy_yes
Submit #813930: TOTOLink CA750-PoE V6.2c.510 Command Injection [Accepted]
6 days 10 hours ago
Submit #813930 / VDB-365559
Buoy_yes
Submit #813929: TOTOLink CA750-PoE V6.2c.510 Command Injection [Accepted]
6 days 10 hours ago
Submit #813929 / VDB-365558
Buoy_yes
CVE-2026-9530 | GNU LibreDWG up to 0.14 Dwgbmp Utility src/decode.c read_2004_compressed_section out-of-bounds (Issue 1248)
6 days 10 hours ago
A vulnerability categorized as problematic has been discovered in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read.
This vulnerability appears as CVE-2026-9530. The attack requires local access. In addition, an exploit is available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2026-9529 | GNU LibreDWG up to 0.14 Dwggrep Utility dwggrep.c match_BLOCK_HEADER null pointer dereference (Issue 1247)
6 days 10 hours ago
A vulnerability was found in GNU LibreDWG up to 0.14. It has been rated as problematic. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference.
This vulnerability is reported as CVE-2026-9529. The attack requires a local approach. Moreover, an exploit is present.
vuldb.com
Submit #814275: LibreDWG Project LibreDWG <= 0.14, main branch up to commit 6d6a339 (2026-04-10) Out-of-bounds Read (CWE-125) [Accepted]
6 days 11 hours ago
Submit #814275 / VDB-365549
pwn3rd
Submit #814273: LibreDWG Project LibreDWG <= 0.14, main branch up to commit 6d6a339 (2026-04-10) NULL Pointer Dereference (CWE-476) [Accepted]
6 days 11 hours ago
Submit #814273 / VDB-365548
pwn3rd
CVE-2026-9528 | itsourcecode Electronic Judging System 1.0 /admin/delete_judge.php judge_id sql injection
6 days 11 hours ago
A vulnerability was found in itsourcecode Electronic Judging System 1.0. It has been declared as critical. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to sql injection.
This vulnerability is documented as CVE-2026-9528. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2026-9527 | itsourcecode Electronic Judging System 1.0 /admin/judges.php fname cross site scripting
6 days 11 hours ago
A vulnerability was found in itsourcecode Electronic Judging System 1.0. It has been classified as problematic. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting.
This vulnerability is registered as CVE-2026-9527. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com