Aggregator

CVE-2026-3027 | erzhongxmu JEEWMS up to 3.7 UEditor getContent.jsp myEditor cross site scripting

VulDB Recent Entries
4 months ago
A vulnerability classified as problematic was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. This vulnerability is reported as CVE-2026-3027. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-3026 | erzhongxmu JEEWMS 3.7 UEditor getRemoteImage.jsp upfile server-side request forgery

VulDB Recent Entries
4 months ago
A vulnerability classified as critical has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. This vulnerability is documented as CVE-2026-3026. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

INC

Dark Feed IO
4 months ago

You must login to view this content

cohenido

Apache ActiveMQ Exploit Leads to LockBit Ransomware

The DFIR Report
4 months ago

Key Takeaways An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Amazon.  This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java Spring […]

The post Apache ActiveMQ Exploit Leads to LockBit Ransomware appeared first on The DFIR Report.

editor

INC

Dark Feed IO
4 months ago

You must login to view this content

cohenido

CVE-2026-3025 | ShuoRen Smart Heating Integrated Management Platform 1.0.0 ExampleNodeService.asmx File unrestricted upload

VulDB Recent Entries
4 months ago
A vulnerability described as critical has been identified in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. This vulnerability is registered as CVE-2026-3025. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Lenovo adds new AI-driven edge systems to ThinkEdge portfolio

Help Net Security
4 months ago

Lenovo expanded its ThinkEdge portfolio with a new generation of AI-driven edge computing solutions, including the compact and reliable ThinkEdge SE10n Gen 2, the AI-ready ThinkEdge SE30n Gen 2, the AI-powerhouse ThinkEdge SE60n Gen 2, and Lenovo’s first industrial all-in-one (AIO) Panel PC, the ThinkEdge SE50a. As enterprises push intelligence closer to operations to improve resilience, reduce latency, and keep sensitive data local, edge computing has become a critical layer between devices, infrastructure, and cloud. … More →

The post Lenovo adds new AI-driven edge systems to ThinkEdge portfolio appeared first on Help Net Security.

Industry News

How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC

Security Boulevard
4 months ago

Originally published at How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC by Sona Mirzoyan.

About the Customer Company: SmugMug Industry: Image Hosting ...

The post How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC appeared first on EasyDMARC.

The post How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC appeared first on Security Boulevard.

Sona Mirzoyan

Managed ad