Aggregator

Submit #807581 / VDB-360909

A vulnerability, which was classified as critical, has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. This vulnerability is tracked as CVE-2026-7733. The attack is possible to be carried out remotely. Moreover, an exploit is present. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as critical was found in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. This vulnerability is identified as CVE-2026-7732. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_STATE_ID leads to sql injection. This vulnerability is referenced as CVE-2026-7731. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The identification of this vulnerability is CVE-2026-7730. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #807559 / VDB-360908

A vulnerability marked as critical has been reported in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. This vulnerability was named CVE-2026-7729. The attack may be initiated remotely. In addition, an exploit is available. The pull request to fix this issue awaits acceptance.

Submit #807558 / VDB-360907

Submit #807557 / VDB-360906

VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide.

A vulnerability labeled as critical has been found in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. This vulnerability is uniquely identified as CVE-2026-7728. The attack can be launched remotely. Moreover, an exploit is present. It is best practice to apply a patch to resolve this issue.

Submit #807541 / VDB-360905

Submit #807539 / VDB-360904

Мессенджер не отличал .docx от .exe. И вот чем это обернулось…

Submit #807538 / VDB-360903

A vulnerability identified as critical has been detected in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. This vulnerability is handled as CVE-2026-7727. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

威胁情报生态系统的产出与共享 by ourren

Gemini Enterprise Agent Platform — Govern 深度技术解析 by ourren

nginxpulse: 轻量级 Nginx 访问日志分析与可视化面板 by ourren

本体：大模型的语义操作系统 by ourren

人工智能的软件基础（复旦大学2026年春季学期） by ourren

SoftwareCopyright-Skill: 中国软件著作权申请材料Skills by ourren

更多最新文章，请访问SecWiki

Submit #803268 / VDB-360902

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.3.12/6.4.3. This affects the function ufshcd_queuecommand of the file drivers/ufs/core/ufshcd.c. Performing a manipulation results in double free. This vulnerability is cataloged as CVE-2023-53510. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.2.15/6.3.2. Impacted is the function amdgpu_cs_submit. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-53228. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.