Aggregator

A vulnerability was found in D-Link DWR-932B. It has been rated as critical. Affected is an unknown function of the component qmiweb. This manipulation with the input ..%2F causes path traversal. This vulnerability is handled as CVE-2016-10184. The attack can be initiated remotely. There is not any exploit available. It is advisable to implement restrictive firewalling.

A vulnerability categorized as critical has been discovered in D-Link DWR-932B. Affected by this vulnerability is an unknown functionality of the file /var/miniupnpd.conf. Such manipulation leads to 7pk security features. This vulnerability is uniquely identified as CVE-2016-10185. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in D-Link DWR-932B. Affected by this issue is some unknown functionality of the file /var/miniupnpd.conf of the component UPnP. Performing a manipulation results in improper resource management. This vulnerability was named CVE-2016-10186. The attack may be initiated remotely. There is no available exploit. It is suggested to use restrictive firewalling.

A vulnerability labeled as critical has been found in WordPress up to 4.7.1. This affects an unknown part of the file wp-admin/includes/class-wp-press-this.php of the component Press This. Executing a manipulation can lead to information disclosure. The identification of this vulnerability is CVE-2017-5610. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in WordPress up to 4.7.1. This vulnerability affects unknown code of the file wp-includes/class-wp-query.php of the component WP_Query. The manipulation leads to sql injection. This vulnerability is referenced as CVE-2017-5611. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in WordPress up to 4.3.7/4.4.6/4.5.5/4.6.2/4.7.1. This issue affects some unknown processing of the file wp-admin/includes/class-wp-posts-list-table.php. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2017-5612. The attack can be executed remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.

A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that "no product changes were made," despite the researcher documenting a silent fix. [...]

AI Adoption Is Accelerating, but Workforce Capability Isn't Keeping Pace
Technology will continue to evolve. AI will embed itself across enterprise environments and attack surfaces will expand regardless of organizational readiness. The real challenge lies on the upskilling side, where the gap is widening - often without immediate visibility.

3-Week Court Battle Exposes Dark Side of AI Vendors and Their Promises
The Musk v. Altman trial produced something more unsettling than a verdict. It revealed an AI industry built on promises that turned out to be negotiable, governed by people whose colleagues called them liars under oath. Enterprise buyers should be paying attention.

License Frontier AI to Practice Medicine, Argues JAMA Article
Scrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer health chatbots and also whether a new clinical AI licensing framework is necessary to protect the integrity of medicine.

Driftnet Acquisition Adds Real-Time Visibility Into Exposed Assets and AI Risks
SecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, exposed assets and AI-driven third-party risks while strengthening threat hunting, attribution and internet-scale intelligence capabilities.

Broken vdaemon Peering Authentication Enables Unauthenticated Admin Access
A maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without authentication. The authentication bypass vulnerability stems from a broken peering authentication mechanism.

вазичастицы экситон-поляритоны помогли выполнить оптическое переключение почти без потерь энергии.

2026 柏林 p2o 三天赛程结束，结果刚刚在 OffensiveCon 闭幕会上揭晓。DEVCORE 拿下 Master of Pwn，STARLabs SG 紧随其后。 今年比赛戏份很足。由于 AI 加成，报名火爆程度超出主办方预料，有不少队伍没报上名。有人干脆就先交给厂商了。赛前 FireFox 紧急发布补丁干掉了一个队伍的项目。Palo Alto Networks 有一个难度相当高的 Safari RCE，赛前在 M4 硬件上调试，临期才告知最终环境是 M5。不巧遇上法定假日商店都不开门，没有买到和比赛环境匹配的设备，最终只差了一个 bit 适配问题遗憾没有演示成功。 不少项目感觉都很有意思。个人最期待🍊神用纯逻辑漏洞链打下 Edge 浏览器的项目，坐等公开细节[666]

Без лунного него суперкомпьютеры останутся лабораторными игрушками.

A vulnerability was found in xiandafu beetl up to 3.20.2. It has been rated as critical. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of special elements used in an expression language statement. This vulnerability is referenced as CVE-2026-8759. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. It has been declared as critical. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The identification of this vulnerability is CVE-2026-8758. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #811316 / VDB-364386