Aggregator

CVE-2026-5205 | chatwoot up to 4.11.2 Webhook API lib/webhooks/trigger.rb Webhooks::Trigger url server-side request forgery

3 days ago

A vulnerability was found in chatwoot up to 4.11.2. It has been declared as critical. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2026-5205. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Submit #780406: code-projects Simple Gym Management System 1.0 SQL Injection [Accepted]

Vuldb Submit

3 days ago

Submit #780406 / VDB-354336

nomath

网友买助眠药收到注销驾驶证短信，交警：系提醒，建议到场核实

不安全

3 days ago

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读用户提供的文章内容。文章讲的是有网友买了助眠药后收到短信，提示他们可能有影响驾驶安全的疾病记录，需要去车管所注销驾驶证。交警部门解释说这是提醒，如果有相关疾病，开车会有安全隐患，建议核实情况。根据规定，长期依赖精神药品成瘾的驾驶员会被注销驾驶证。接下来，我要提取关键信息：购买助眠药、收到短信、注销驾驶证、安全隐患、交警提醒、相关规定。然后把这些信息浓缩成一句话，确保不超过100字。要注意用词简洁明了，直接描述事件和结果。可能的结构是：网友买助眠药后收到短信提醒注销驾照，交警称有安全隐患需核实。这样既涵盖了事件经过又说明了原因和后果。最后检查一下字数和是否符合要求，确保没有使用“文章内容总结”之类的开头。近日有网民因购买助眠药收到短信提示需注销驾驶证，交警称此举为提醒驾驶员存在安全隐患需核实情况。

Submit #780305: Chatwoot 4.11.2 Server-Side Request Forgery [Accepted]

Vuldb Submit

3 days ago

Submit #780305 / VDB-354333

Ghufran Khan

CVE-2026-5204 | Tenda CH22 1.0.0.1 Parameter /goform/webtypelibrary formWebTypeLibrary webSiteId stack-based overflow

VulDB Recent Entries

3 days ago

A vulnerability was found in Tenda CH22 1.0.0.1. It has been classified as critical. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-5204. The attack can be initiated remotely. Additionally, an exploit exists.

vuldb.com

Google Drive now detects ransomware and helps restore affected files

Help Net Security

3 days ago

To help organizations minimize the impact of malware attacks on personal computers, Google launched ransomware detection and file restoration in beta in September 2025. These features are now generally available. End user alert in Drive for desktop when ransomware is detected (Source: Google) “Compared to the beta version, we can now detect more types of ransomware encryption and do so faster. Our latest AI model detects 14× more infections, providing broader protection,” the company said … More →

The post Google Drive now detects ransomware and helps restore affected files appeared first on Help Net Security.

Anamarija Pogorelec

CVE-2026-5203 | CMS Made Simple up to 2.2.22 UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal

VulDB Recent Entries

3 days ago

A vulnerability was found in CMS Made Simple up to 2.2.22 and classified as critical. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. This vulnerability is known as CVE-2026-5203. It is possible to launch the attack remotely. Furthermore, an exploit is available. This issue has been reported early to the project. They confirmed, that "this has already been discovered and fixed for the next release."

vuldb.com

NCSC Urges Immediate Patching of F5 BIG-IP Bug

Information Security Magazine

3 days ago

The National Cyber Security Centre wants UK firms to patch CVE-2025-53521

Submit #780209: Tenda CH22 V1.0.0.1 Stack-based Buffer Overflow [Accepted]

Vuldb Submit

3 days ago

Submit #780209 / VDB-354332

LtzHust2

California Gets Serious About Regulation (Again)

不安全

3 days ago

好的，我现在需要帮用户总结这篇文章的内容，控制在100个字以内。首先，我得仔细阅读文章，理解其主要观点。文章主要讲的是加州隐私法律的变化，特别是CCPA和CPRA的扩展。从2026年开始，这些法律不仅仅是关于隐私，还整合了网络安全和人工智能治理。这意味着企业不仅要遵守数据处理的规定，还要进行风险评估、管理自动化决策技术，并进行强制性的网络安全审计。接下来，我需要提取关键信息：加州隐私法扩展到数据治理、风险评估、ADMT监管和网络安全审计。这些变化对企业的影响是合规成为运营的一部分，不再是简单的政策声明。然后，我要把这些信息浓缩成一句话，不超过100字。要确保涵盖主要点：隐私法扩展、新增内容、对企业的影响。最后，检查语言是否简洁明了，没有冗余词汇。确保总结准确传达文章的核心内容。加州隐私法律从2026年起扩展为全面数据治理框架，整合隐私、网络安全与人工智能监管。企业需进行风险评估、管理自动化决策技术并接受强制性网络安全审计，合规成为运营核心而非简单政策声明。

California Gets Serious About Regulation (Again)

Security Boulevard

3 days ago

California’s privacy regime has evolved. As of January 1, 2026, the CCPA/CPRA now mandates risk assessments, automated decision-making (AI) oversight, and independent cybersecurity audits.

The post California Gets Serious About Regulation (Again) appeared first on Security Boulevard.

Mark Rasch

Submit #772855: CMSMadeSimple CMS Made Simple (CMSMS) 2.2.22 and old versions modules/UserGuide/lib/class.UserGuideImporterExporter.php [Accepted]

Vuldb Submit

3 days ago

Submit #772855 / VDB-354331

caginkyr

Слишком много лайков вредит здоровью. Еще одна страна решила выгнать детей из соцсетей

Securitylab.ru

3 days 1 hour ago

Вице-канцлер Австрии назвал алгоритмы соцсетей главной угрозой психике.

结合代码分析：CVE-2026-28409 WeGIA 远程代码执行漏洞

先知技术社区

3 days 1 hour ago

结合代码分析：CVE-2026-28409 WeGIA 远程代码执行漏洞

This month in security with Tony Anscombe – March 2026 edition

WeLiveSecurity

3 days 1 hour ago

The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan

中国多品牌电动两轮车计划下月涨价

不安全

3 days 1 hour ago

好的，我现在要帮用户总结这篇文章的内容。用户的要求是用中文，控制在100字以内，而且不需要以“文章内容总结”或“这篇文章”开头，直接写描述。首先，我需要通读整篇文章，抓住主要信息。文章提到多个电动两轮车品牌，包括九号、雅迪、台铃、爱玛等，计划从下个月起上调售价。涨价的原因有原材料成本上涨、工厂返利政策到期和优惠活动结束。这是继去年新国标发布后的首次集体涨价。雅迪的知情人士透露涨幅在200-300元，经销商也被通知加大备货。接下来，我要把这些信息浓缩到100字以内。重点包括品牌、涨价时间、原因、涨幅和经销商的行动。要注意用词简洁，避免重复。然后，我需要组织语言，确保流畅自然。比如，“国内主流电动两轮车品牌”可以简化为“主流电动两轮车品牌”，“计划从下月起”可以改为“计划自下月起”。同时，确保所有关键点都被涵盖：原材料成本上涨、返利政策到期、优惠结束、集体涨价、涨幅范围和经销商备货。最后，检查字数是否在限制内，并确保没有使用禁止的开头方式。这样就能提供一个准确且符合要求的总结。国内主流电动两轮车品牌如九号、雅迪等计划自下月起上调售价，涨幅约200-300元。此轮涨价系原材料成本上涨及优惠政策结束等因素所致，为行业首次集体调价。经销商已被告知加大备货以应对库存成本上升及需求波动。

One Tool to Rule the Clouds: Auditing AWS, Azure, and Alibaba with Cloudtoolkit

Penetration Testing Tools - Metepreter.org

3 days 1 hour ago

cloudtoolkit Interactive multi-cloud security assessment framework. Capability overview Providers Payload Supported Alibaba Cloud backdoor-user: Backdoored user can be

The post One Tool to Rule the Clouds: Auditing AWS, Azure, and Alibaba with Cloudtoolkit appeared first on Penetration Testing Tools.

ddos

Akira

Dark Feed IO

3 days 1 hour ago

You must login to view this content

cohenido

Axios Supply Chain Attack Exposes Developers to Hidden Malware

不安全

3 days 1 hour ago

嗯，用户让我总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”之类的开头。首先，我得通读整篇文章，抓住主要信息。文章讲的是2026年3月31日发生的Axios供应链攻击事件。攻击者利用被黑的npm账户发布了两个恶意版本的Axios库，植入了远程访问木马（RAT）。他们通过注入一个未使用的依赖包来执行恶意代码，并且在攻击后删除了痕迹，使得检测困难。接下来，我需要把这些信息浓缩到100字以内。要包括事件的时间、攻击手段、恶意版本、植入的木马、依赖包的注入以及攻击后的清除行为。可能的结构是：时间、攻击者如何行动、植入了什么、如何隐藏以及影响范围。这样既全面又简洁。最后，检查字数是否符合要求，并确保没有使用禁止的开头语句。 2026年3月31日，Axios供应链攻击事件曝光。攻击者利用被黑的npm账户发布恶意版本（1.14.1和0.30.4），植入远程访问木马（RAT）。通过注入未使用的依赖包[email protected]触发恶意代码，并删除自身痕迹以隐藏攻击行为。

Arch Linux全新的基于TUI文本用户界面的安装器发布将成为默认安装器

不安全

3 days 1 hour ago

嗯，用户让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”之类的开头。我先看看文章内容。文章主要讲的是Arch Linux发布了新的安装程序Archinstall 4.0，界面改成了TUI，也就是基于文本的用户界面。这应该是他们的一大改进点。还有其他新功能，比如支持firewalld、GRUB UKI菜单、加利西亚语等等。移除了对NTFS根文件系统的支持，把LVM助手移到了专用模块。用户的要求是用中文总结，一百字以内。所以我要抓住关键点：发布新版本4.0，TUI界面，新增功能和改进，成为默认安装程序。可能的结构是：Arch Linux发布4.0版本安装程序，采用TUI界面，新增功能包括支持firewalld、GRUB UKI菜单等，并将成为默认安装程序。检查一下字数，确保不超过一百字。再调整一下措辞，让句子更流畅自然。 Arch Linux发布全新4.0版本安装程序Archinstall，默认采用现代化TUI界面，并新增多项功能如支持firewalld、GRUB UKI菜单及加利西亚语等。

Aggregator

Managed ad