Aggregator

Submit #831944 / VDB-305733

A vulnerability categorized as critical has been discovered in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. This vulnerability is tracked as CVE-2026-10873. The attack can be launched remotely. Moreover, an exploit is present. This project is superseded by FreshTomato.

Submit #831871 / VDB-368367

A vulnerability was found in Shibby Tomato 1.28.0000. It has been rated as critical. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. This vulnerability is identified as CVE-2026-10872. The attack can be initiated remotely. Additionally, an exploit exists. This project is superseded by FreshTomato.

Submit #831870 / VDB-368366

A vulnerability was found in Shibby Tomato 1.28.0000. It has been declared as critical. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. This vulnerability is referenced as CVE-2026-10871. It is possible to launch the attack remotely. Furthermore, an exploit is available. This project is superseded by FreshTomato.

A vulnerability was found in Shibby Tomato 1.28.0000. It has been classified as critical. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-10870. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This project is superseded by FreshTomato.

Вымышленная роботами статистика уже попала в государственные доклады Канады и Австралии.

Submit #831869 / VDB-368365

Submit #831868 / VDB-368364

Submit #831866 / VDB-368363

Submit #831867 / VDB-368363

Submit #831858 / VDB-368362

Submit #831857 / VDB-368361

Submit #831856 / VDB-368360

如今能力最强的商业 AI 模型对攻击者而言已经具备足够的实用价值，成为其杀伤链（kill chain）多个环节

A vulnerability was found in T3 T625Pro and T7281 and classified as critical. Affected by this issue is some unknown functionality. The manipulation results in use of hard-coded password. This vulnerability was named CVE-2026-35905. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability has been found in GNCC GP5 7.1.76 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File System Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-36180. It is possible to launch the attack on the physical device. No exploit exists.

A vulnerability, which was classified as critical, was found in GNCC GP5 7.1.76. Affected is an unknown function of the component Serial UART Interface. Executing a manipulation can lead to unrestricted upload. This vulnerability is handled as CVE-2026-36176. The physical device can be targeted for the attack. There is not any exploit available.

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]