Red Canary CFP tracker: April 2026
Red Canary's monthly roundup of upcoming security conferences and call for papers (CFP) submission deadlines
Aggregator
CVE-2026-30877 | baserproject basercms up to 5.2.2 User Account update os command injection (GHSA-m9g7-rgfc-jcm7 / CNNVD-202603-6291)
1 week ago
A vulnerability was found in baserproject basercms up to 5.2.2 and classified as critical. The affected element is the function update of the component User Account Handler. Executing a manipulation can lead to os command injection.
This vulnerability is handled as CVE-2026-30877. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-32957 | baserproject basercms up to 5.2.2 require_once unrestricted upload (GHSA-hv78-cwp4-8r7r / CNNVD-202603-6293)
1 week ago
A vulnerability was found in baserproject basercms up to 5.2.2 and classified as critical. This vulnerability affects the function require_once. Such manipulation leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2025-32957. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-21861 | baserproject basercms up to 5.2.2 exec os command injection (GHSA-qxmc-6f24-g86g / CNNVD-202603-6295)
1 week ago
A vulnerability was found in baserproject basercms up to 5.2.2. It has been declared as critical. This affects the function exec. The manipulation results in os command injection.
This vulnerability was named CVE-2026-21861. The attack may be performed from remote. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-27697 | baserproject basercms up to 5.2.2 Blog Post sql injection (GHSA-vh89-rjph-2g7p / CNNVD-202603-6292)
1 week ago
A vulnerability labeled as critical has been found in baserproject basercms up to 5.2.2. Affected by this issue is some unknown functionality of the component Blog Post Handler. Executing a manipulation can lead to sql injection.
This vulnerability is tracked as CVE-2026-27697. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
48 Hours: The Window Between Infostealer Infection and Dark Web Sale
1 week ago
New research maps the full infostealer lifecycle. Your credentials go from an employee’s device to an underground marketplace in less time than it takes your security team to notice anything is wrong. On March 24, 2026, researchers at Whiteintel’s Intelligence Division published a detailed map of the full infostealer lifecycle, tracing the exact sequence from […]
The post 48 Hours: The Window Between Infostealer Infection and Dark Web Sale appeared first on Security Boulevard.
Christine Castro
Русская рулетка в MAX: Отправь видео жене, а получит его ребенок из другого города
1 week ago
В мессенджере обнаружили сбой: видеосообщения доставляются не тем получателям.
Significant Aerospace DevOps Data Leak Identified on Darknet
1 week ago
You must login to view this content
cohenido
Brazilian Veterinary Registry Data Offered on Darknet Forum
1 week ago
You must login to view this content
cohenido
瑞典回归传统的基于纸质的课堂教育模式
1 week ago
数字化教育和社交媒体给儿童和青少年带来的问题最近几年日益受到关注和争论。瑞典和其它国家一样,过去几十年逐渐放弃纸质书籍,切换到平板电脑和数字资源,试图让学生为网络世界做好准备。但数字化教育的争议最终促使瑞典在 2023 年宣布回归传统的基于纸质的课堂教育模式,纸质书籍重新回到课堂,学生开始学习用铅笔或钢笔在纸上手写,以最传统的方式进行学习。瑞典政府还计划在全国范围内推行学校禁止使用手机政策。这标志着瑞典教育模式的重大转变。瑞典官员强调,学校不会完全摒弃数字技术。数字辅助工具主要用于帮助高年级年龄段学生进行学习。
The Anthropic Code Leak: When a Packaging Error Becomes a Supply Chain Risk
1 week ago
In March 2026, portions of Anthropic’s internal “Claude Code” were exposed publicly through an npm package misconfiguration. The incident was […]
The post The Anthropic Code Leak: When a Packaging Error Becomes a Supply Chain Risk appeared first on HawkEye.
Ben O
Vulta Intelligence Launches as Credential Lookup Service With 14.2 Billion Indexed Records, Telegram Bot, and Pay-Per-Query ULP Extraction
1 week ago
Vulta Intelligence Launches as Credential Lookup Service With 14.2 Billion Indexed Records, Telegram Bot, and Pay-Per-Query ULP Extraction
Dark Web Informer
Anthropic Leaks 512,000 Lines of Claude AI Code in Major Blunder
1 week ago
Human error exposed 512,000+ lines of Anthropic Claude AI Code, revealing KAIROS and Capybara secrets, pushing users to switch to the Native Installer.
Deeba Ahmed
网络犯罪论坛日志揭示了参与人员的匿名网络选择习惯
1 week ago
一般威胁行为者登录系统时,绝不会使用真实 IP 地址。
Прощай, «super_boy_1998»: Google наконец-то разрешила нам повзрослеть и сменить позорную почту
1 week ago
Новая функция позволяет входить в сервисы и по старому, и по новому адресу почты
CVE-2026-5271 | pymanager up to 26.0 Working Directory (GHSA-jr5x-hgm4-rrm6)
1 week ago
A vulnerability, which was classified as problematic, was found in pymanager up to 26.0. Impacted is an unknown function of the component Working Directory Handler. The manipulation results in an unknown weakness.
This vulnerability was named CVE-2026-5271. The attack needs to be approached locally. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2026-35093 | libinput Lua code injection (EUVD-2026-17907)
1 week ago
A vulnerability, which was classified as critical, has been found in libinput. This issue affects some unknown processing of the component Lua Handler. The manipulation leads to code injection.
This vulnerability is uniquely identified as CVE-2026-35093. Local access is required to approach this attack. No exploit exists.
vuldb.com
CVE-2026-35094 | libinput expired pointer dereference (EUVD-2026-17909)
1 week ago
A vulnerability classified as problematic was found in libinput. This vulnerability affects unknown code. Executing a manipulation can lead to expired pointer dereference.
This vulnerability is handled as CVE-2026-35094. It is possible to launch the attack on the local host. There is not any exploit available.
vuldb.com
CVE-2026-30289 | Tinybeans Private Family Album App 5.9.5-prod Local Privilege Escalation (ID 17)
1 week ago
A vulnerability classified as problematic has been found in Tinybeans Private Family Album App 5.9.5-prod. This affects an unknown part. Performing a manipulation results in Local Privilege Escalation.
This vulnerability is known as CVE-2026-30289. Attacking locally is a requirement. No exploit is available.
vuldb.com
CVE-2026-34999 | Volcengine OpenViking up to 0.2.13 /bot/v1/chat missing authentication (EUVD-2026-17905)
1 week ago
A vulnerability described as critical has been identified in Volcengine OpenViking up to 0.2.13. Affected by this issue is some unknown functionality of the file /bot/v1/chat. Such manipulation leads to missing authentication.
This vulnerability is traded as CVE-2026-34999. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com