Aggregator

Submit #832154 / VDB-368368

A vulnerability labeled as critical has been found in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument social_twitter results in sql injection. This vulnerability is cataloged as CVE-2026-10875. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument social_insta leads to sql injection. This vulnerability is listed as CVE-2026-10874. The attack may be initiated remotely. In addition, an exploit is available.

Submit #831944 / VDB-305733

A vulnerability categorized as critical has been discovered in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. This vulnerability is tracked as CVE-2026-10873. The attack can be launched remotely. Moreover, an exploit is present. This project is superseded by FreshTomato.

Submit #831871 / VDB-368367

A vulnerability was found in Shibby Tomato 1.28.0000. It has been rated as critical. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. This vulnerability is identified as CVE-2026-10872. The attack can be initiated remotely. Additionally, an exploit exists. This project is superseded by FreshTomato.

Submit #831870 / VDB-368366

A vulnerability was found in Shibby Tomato 1.28.0000. It has been declared as critical. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. This vulnerability is referenced as CVE-2026-10871. It is possible to launch the attack remotely. Furthermore, an exploit is available. This project is superseded by FreshTomato.

A vulnerability was found in Shibby Tomato 1.28.0000. It has been classified as critical. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-10870. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This project is superseded by FreshTomato.

Вымышленная роботами статистика уже попала в государственные доклады Канады и Австралии.

Submit #831869 / VDB-368365

Submit #831868 / VDB-368364

Submit #831866 / VDB-368363

Submit #831867 / VDB-368363

Submit #831858 / VDB-368362

Submit #831857 / VDB-368361

Submit #831856 / VDB-368360

如今能力最强的商业 AI 模型对攻击者而言已经具备足够的实用价值，成为其杀伤链（kill chain）多个环节

A vulnerability was found in T3 T625Pro and T7281 and classified as critical. Affected by this issue is some unknown functionality. The manipulation results in use of hard-coded password. This vulnerability was named CVE-2026-35905. The attack needs to be approached within the local network. There is no available exploit.