Aggregator

CVE-2026-42376 | D-Link DIR-456U A1 S80telnetd.sh strcmp hard-coded credentials

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability classified as critical was found in D-Link DIR-456U A1. This vulnerability affects the function strcmp of the file /etc/init0.d/S80telnetd.sh. The manipulation results in hard-coded credentials. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2026-42376. Access to the local network is required for this attack. No exploit is available.
vuldb.com

CVE-2026-42375 | D-Link DIR-600L A1 /bin/telnetd.sh strcmp hard-coded credentials

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability classified as critical has been found in D-Link DIR-600L A1. This affects the function strcmp of the file /bin/telnetd.sh. The manipulation leads to hard-coded credentials. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2026-42375. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com

CVE-2026-42374 | D-Link DIR-600L B1 /bin/telnetd.sh strcmp hard-coded credentials (EUVD-2026-27025)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability described as critical has been identified in D-Link DIR-600L B1. Affected by this issue is the function strcmp of the file /bin/telnetd.sh. Executing a manipulation can lead to hard-coded credentials. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2026-42374. The attacker needs to be present on the local network. There is no available exploit.
vuldb.com

CVE-2026-42373 | D-Link DIR-605L B2 /bin/telnetd.sh strcmp hard-coded credentials (EUVD-2026-27023)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability marked as critical has been reported in D-Link DIR-605L B2. Affected by this vulnerability is the function strcmp of the file /bin/telnetd.sh. Performing a manipulation results in hard-coded credentials. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2026-42373. The attacker must have access to the local network to execute the attack. No exploit exists.
vuldb.com

CVE-2026-42372 | D-Link DIR-605L A1 /bin/telnetd.sh strcmp hard-coded credentials

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability labeled as critical has been found in D-Link DIR-605L A1. Affected is the function strcmp of the file /bin/telnetd.sh. Such manipulation leads to hard-coded credentials. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2026-42372. The attack requires being on the local network. There is not any exploit available.
vuldb.com

CVE-2026-29514 | NetBox up to 4.5.4 RenderTemplateMixin.get_environment_params finalize permissive list of allowed inputs (EUVD-2026-26997)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability identified as critical has been detected in NetBox up to 4.5.4. This impacts the function RenderTemplateMixin.get_environment_params. This manipulation of the argument finalize causes permissive list of allowed inputs. This vulnerability is registered as CVE-2026-29514. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

The Hackers News
1 month 2 weeks ago
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.  The
The Hacker News

New MicroStealer Malware Actively Attacking Telecom & Education Sectors

Cyber Security News
1 month 2 weeks ago

A new infostealer malware called MicroStealer has quietly entered the threat landscape and is already showing a worrying reach. First spotted in December 2025, the malware has picked up speed fast, showing up across sandbox environments within weeks of its initial appearance in the wild. What makes it stand out is its ability to fly […]

The post New MicroStealer Malware Actively Attacking Telecom & Education Sectors appeared first on Cyber Security News.

Tushar Subhra Dutta

Bluekit Phishing Kit Automates Domains, 2FA Lures, and Session Hijacking in One Panel

Cyber Security News
1 month 2 weeks ago

A newly identified phishing kit called Bluekit is changing how cybercriminals carry out phishing attacks by packing multiple attack capabilities into a single, easy-to-use operator panel. Rather than relying on separate tools stitched together from different sources, Bluekit gives attackers one centralized platform to manage everything from fake website creation to session hijacking. For years, […]

The post Bluekit Phishing Kit Automates Domains, 2FA Lures, and Session Hijacking in One Panel appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-7785 | A-G-U-P-T-A wireshark-mcp pyshark_mcp.py quick_capture os command injection

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability categorized as critical has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. This vulnerability is cataloged as CVE-2026-7785. The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-36365 | Lymphatus caesium-image-compressor up to 02da2c6 PostCompressionActions.cpp shutdownMachine/putMachineToSleep Local Privilege Escalation (EUVD-2026-26976)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in Lymphatus caesium-image-compressor up to 02da2c6. It has been declared as problematic. The affected element is the function shutdownMachine/putMachineToSleep of the file PostCompressionActions.cpp. Executing a manipulation can lead to Local Privilege Escalation. This vulnerability is tracked as CVE-2026-36365. The attack is restricted to local execution. No exploit exists.
vuldb.com

Managed ad