A vulnerability identified as problematic has been detected in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. Manipulation of the argument productName leads to cross-site scripting.
This vulnerability is tracked as CVE-2026-9377. The attack can be initiated remotely. Furthermore, there is an exploit available.
A vulnerability categorized as critical has been discovered in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Manipulating the argument id/userId can lead to improper authorization.
This vulnerability appears as CVE-2026-9376. The attack may be performed remotely. In addition, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. [...]
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. It has been rated as critical. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload.
This vulnerability is reported as CVE-2026-9374. The attack can be carried out remotely. No exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in JeecgBoot 3.9.1. It has been declared as critical. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication.
This vulnerability is documented as CVE-2026-9373. The attack can be executed remotely. No exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in ItzCrazyKns Vane up to 1.12.1. It has been classified as critical. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. Manipulation of the argument baseURL causes server-side request forgery.
This vulnerability is registered as CVE-2026-9372. Remote exploitation is possible. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was found in Linux Kernel up to 7.0.9 and classified as critical. This affects the function skb_try_coalesce of the component net. The manipulation results in an infinite loop.
This vulnerability is cataloged as CVE-2026-43503. The attack must originate from the local network. There is no exploit available.
It is suggested to upgrade the affected component.