Aggregator

Submit #775117 / VDB-327354

A vulnerability was found in MacCMS up to 2025.1000.4052. It has been classified as problematic. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization bypass. The identification of this vulnerability is CVE-2026-4563. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in MacCMS 2025.1000.4052 and classified as critical. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. This vulnerability was named CVE-2026-4562. The attack may be performed from remote. In addition, an exploit is available.

Submit #775116 / VDB-352401

Submit #775050 / VDB-352400

Submit #775039 / VDB-352399

Как GPT-3.5 помогает собирать рабочие вирусы тем, кто не умеет кодить.

玄机上有几道pwn题没什么人做，特意花时间做了并且进行整理

Кликнул на сообщение — потерял все пароли, токены 2FA и три месяца переписки.

Name: PolyPwnCTF 2026 (an PolyPwnCTF event.)
Date: March 21, 2026, 10 a.m. — 21 March 2026, 21:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Polytechnique Montréal
Offical URL: https://polypwn.polycyber.io/
Rating weight: 0.00
Event organizers: PolyCyber

Name: ZeroDays CTF 2026 (an ZeroDays CTF event.)
Date: March 21, 2026, 10 a.m. — 21 March 2026, 17:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Dublin, Ireland
Offical URL: http://www.zerodays.ie/
Rating weight: 0
Event organizers: Ireland without the RE

Name: Undutmaning 2026 (an Undutmaning event.)
Date: March 21, 2026, 11 a.m. — 21 March 2026, 19:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://undutmaning.se/
Rating weight: 33.00
Event organizers: Undutmaning

南沙的五港联动和OpenClaw

Анализ трафика показал рекламу, трекеры, сторонние SDK и даже подмену серверов в одном из популярных клиентов.

该漏洞出自Xiaomi路由器BE10000 Pro 稳定版 存在授权后远程RCE漏洞

23-го апреля 2026-го года в Москве пройдет CIRF- конференция про ИБ свободная от официоза.

A vulnerability identified as problematic has been detected in NaturalIntelligence fast-xml-parser up to 5.5.5. Affected is the function replaceEntitiesValue. Performing a manipulation results in xml entity expansion. This vulnerability is identified as CVE-2026-33036. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical has been found in alexcrichton tar-rs up to 0.4.44. This impacts an unknown function. Performing a manipulation results in type confusion. This vulnerability is reported as CVE-2026-33055. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in pydicom up to 3.0.1. This impacts an unknown function of the component DICOM File Parser. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2026-32711. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Microsoft Windows. Impacted is an unknown function of the component Kernel. Executing a manipulation can lead to race condition. This vulnerability is handled as CVE-2025-62215. It is possible to launch the attack on the local host. Additionally, an exploit exists. It is advisable to implement a patch to correct this issue.