Aggregator

CVE-2026-5682 | Meesho Online Shopping App up to 27.3 on Android com.meesho.supply /api/endpoint risky encryption

VulDB Recent Entries
1 week ago
A vulnerability was found in Meesho Online Shopping App up to 27.3 on Android. It has been declared as problematic. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. This vulnerability is listed as CVE-2026-5682. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

Hackers Use Poisoned Axios Package and Phantom Dependency to Spread Cross-Platform Malware

Cyber Security News
1 week ago

One of the most widely used JavaScript libraries in the world was turned into a weapon on March 30, 2026, when attackers poisoned the Axios npm package and silently deployed malware on developer machines running Windows, macOS, and Linux. With over 100 million weekly downloads, Axios is the most popular HTTP client in the JavaScript […]

The post Hackers Use Poisoned Axios Package and Phantom Dependency to Spread Cross-Platform Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-5681 | itsourcecode sanitize or validate this input 1.0 Parameter /borrowedequip.php emp_id sql injection

VulDB Recent Entries
1 week ago
A vulnerability was found in itsourcecode sanitize or validate this input 1.0. It has been classified as critical. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument emp_id causes sql injection. This vulnerability is tracked as CVE-2026-5681. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

Banning Routers Won’t Secure the Internet

不安全
1 week ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。用户的要求很明确,不需要特定的开头,直接写文章描述。 首先,我得通读整篇文章,理解其主要观点。文章讨论了Wi-Fi路由器从默默无闻到成为国家安全焦点的转变。美国FCC禁止销售外国制造的路由器,以应对潜在的安全威胁。但作者认为,这种方法并不实际,真正的问题在于固件和设备管理。 接下来,我需要提炼关键点:路由器的重要性提升、政策背景、作者的批评以及解决方案。要确保在100字内涵盖这些内容。 可能的结构是:先说明路由器成为焦点的原因,然后指出政策问题,最后提出正确的解决方向。这样既简洁又全面。 最后,检查字数是否符合要求,并确保语言流畅自然。 Wi-Fi路由器从默默无闻的家庭设备转变为国家安全焦点。美国FCC以安全风险为由禁止销售外国制造的路由器,但作者认为这一政策忽视了真正的安全问题——固件和设备管理漏洞。作者建议应关注设备维护和更新而非制造地限制。

CVE-2026-5679 | Totolink A3300R 17.0.0cu.557_B20221024 /cgi-bin/cstecgi.cgi vsetTr069Cfg stun_pass os command injection

VulDB Recent Entries
1 week ago
A vulnerability has been found in Totolink A3300R 17.0.0cu.557_B20221024 and classified as critical. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. This vulnerability is referenced as CVE-2026-5679. The attack needs to be initiated within the local network. Furthermore, an exploit is available.
vuldb.com

CVE-2026-5678 | Totolink A7100RU 7.4cu.2313_b20191024 /cgi-bin/cstecgi.cgi setScheduleCfg mode os command injection

VulDB Recent Entries
1 week ago
A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The identification of this vulnerability is CVE-2026-5678. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad