Mercedes Benz Turk Systems Allegedly Breached
You must login to view this content
Aggregator
CVE-2026-9607 | itsourcecode Courier Management System 1.0 /parcel_list.php s sql injection
4 days 20 hours ago
A vulnerability classified as critical has been found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results in sql injection.
This vulnerability is cataloged as CVE-2026-9607. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-9606 | itsourcecode Courier Management System 1.0 /manage_user.php ID sql injection
4 days 20 hours ago
A vulnerability described as critical has been identified in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection.
This vulnerability is listed as CVE-2026-9606. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
CVE-2026-9605 | GNU libredwg up to 0.13.4.8160 Dwgbmp Utility bits.c bit_read_RC heap-based overflow (Issue 1248)
4 days 20 hours ago
A vulnerability marked as critical has been reported in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow.
This vulnerability is tracked as CVE-2026-9605. The attack is possible to be carried out remotely. Moreover, an exploit is present.
Applying a patch is the recommended action to fix this issue.
vuldb.com
Submit #818333: itsourcecode Courier Management System V1.0 SQL Injection [Accepted]
4 days 20 hours ago
Submit #818333 / VDB-365680
ziran
Submit #818198: itsourcecode Courier Management System 1.0 SQL Injection [Accepted]
4 days 20 hours ago
Submit #818198 / VDB-365679
zzl08
KRYBIT
4 days 20 hours ago
You must login to view this content
cohenido
Submit #818197: LibreDWG libredwg (including the dwgbmp utility) 0.13.4.8160 Buffer Overflow [Accepted]
4 days 20 hours ago
Submit #818197 / VDB-365678
r1ck9
CVE-2026-9604 | JeecgBoot up to 3.9.1 AiragModelController list/queryById access control (Issue 9599)
4 days 20 hours ago
A vulnerability labeled as critical has been found in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls.
This vulnerability is identified as CVE-2026-9604. The attack can be executed remotely. Additionally, an exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2026-9603 | SourceCodester eDoc Doctor Appointment System 1.0 delete-session.php ID authorization
4 days 20 hours ago
A vulnerability identified as critical has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization.
This vulnerability is referenced as CVE-2026-9603. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com
China-Linked Hackers Target Southeast Asian Edge Routers With Custom Linux Implant
4 days 20 hours ago
A sophisticated China-linked hacking group has been caught targeting edge routers across Southeast Asia, deploying a custom-built Linux implant that gives them deep control over network traffic. The campaign has been rated critical in severity, and its reach extends well beyond the initial devices it compromises. The attackers install a malicious file called router.elf directly […]
The post China-Linked Hackers Target Southeast Asian Edge Routers With Custom Linux Implant appeared first on Cyber Security News.
Tushar Subhra Dutta
Submit #818123: JeecgBoot 3.9.1 Improper Access Controls [Accepted]
4 days 20 hours ago
Submit #818123 / VDB-365677
AliceS614
Открыл архив — выполнил вредоносный код. 7-Zip приготовил неприятный сюрприз для пользователей
4 days 20 hours ago
Знакомая утилита оказалась куда опаснее, чем казалась на первый взгляд.
Submit #817935: SourceCodester eDoc Doctor Appointment System 1.0 Missing Authorization [Accepted]
4 days 20 hours ago
Submit #817935 / VDB-365676
vaibhavnarkhede
CVE-2026-25112 | Genetec RabbitMQ permission assignment
4 days 20 hours ago
A vulnerability categorized as problematic has been discovered in Genetec RabbitMQ, Mission Control, Sipelia, Industrial IoT, Airport Operational Manager, Restricted Security Area and Inter-System Gateway. Affected by this issue is some unknown functionality. Executing a manipulation can lead to incorrect permission assignment.
The identification of this vulnerability is CVE-2026-25112. The attack can only be executed locally. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-46620 | e107 CMS up to 2.3.4 session_handler::check cross-site request forgery
4 days 20 hours ago
A vulnerability was found in e107 CMS up to 2.3.4. It has been rated as problematic. Affected by this vulnerability is the function session_handler::check. Performing a manipulation results in cross-site request forgery.
This vulnerability was named CVE-2026-46620. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-43936 | e107 CMS up to 2.3.3 server-side request forgery
4 days 20 hours ago
A vulnerability was found in e107 CMS up to 2.3.3. It has been declared as critical. Affected is an unknown function. Such manipulation leads to server-side request forgery.
This vulnerability is uniquely identified as CVE-2026-43936. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-43935 | e107 CMS up to 2.3.3 Header Host input validation
4 days 20 hours ago
A vulnerability was found in e107 CMS up to 2.3.3. It has been classified as critical. This impacts an unknown function of the component Header Handler. This manipulation of the argument Host causes improper input validation.
This vulnerability is handled as CVE-2026-43935. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-43934 | e107 CMS up to 2.3.3 access control
4 days 20 hours ago
A vulnerability was found in e107 CMS up to 2.3.3 and classified as critical. This affects an unknown function. The manipulation results in improper access controls.
This vulnerability is known as CVE-2026-43934. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-48688 | FastNetMon Community Edition up to 1.2.9 src/bgp_protocol.cpp decode_mp_reach_ipv6 out-of-bounds
4 days 20 hours ago
A vulnerability has been found in FastNetMon Community Edition up to 1.2.9 and classified as problematic. The impacted element is the function decode_mp_reach_ipv6 of the file src/bgp_protocol.cpp. The manipulation leads to out-of-bounds read.
This vulnerability is traded as CVE-2026-48688. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com