Aggregator

A vulnerability classified as problematic has been found in Keycloak on Red Hat. This vulnerability affects unknown code of the component JWT Handler. This manipulation of the argument azp causes origin validation error. This vulnerability is handled as CVE-2026-37977. The attack can be initiated remotely. There is not any exploit available.

A vulnerability identified as critical has been detected in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. This vulnerability is uniquely identified as CVE-2026-5640. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #792963 / VDB-355519

Submit #792962 / VDB-355518

Submit #792947 / VDB-355517

Submit #792946 / VDB-355516

Submit #792945 / VDB-355515

Submit #792799 / VDB-250459

Submit #792798 / VDB-355506

A profound architectural frailty has been unearthed within a ubiquitous server management console, permitting an adversary to usurp

The post One Username to Rule Them All: The Persistent RCE Shadow Haunting Control Web Panel appeared first on Penetration Testing Tools.

A vulnerability marked as critical has been reported in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stack-based buffer overflow. This vulnerability appears as CVE-2026-5687. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as critical has been found in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-5686. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-5685. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability categorized as critical has been discovered in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-5684. The attack requires access to the local network. Furthermore, an exploit is available.

A sophisticated evolution of the venerable Rowhammer assault has unexpectedly yielded ramifications far more profound than previously envisioned.

The post Sovereign Control: How “Multi-Layered” Rowhammer Flips Bits to Hijack NVIDIA GPUs appeared first on Penetration Testing Tools.

A vulnerability was found in Tenda CX12L 16.03.53.12. It has been rated as critical. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-5683. The attack must originate from the local network. Furthermore, there is an exploit available.

The recent incursion into the cryptocurrency sanctuary Drift, which culminated in the exfiltration of $285 million, has been

The post The Long Game: How North Korea’s UNC4736 Spent Six Months Infiltrating Drift for a $285M Payday appeared first on Penetration Testing Tools.

Submit #792785 / VDB-355514

Submit #792783 / VDB-355513

Submit #792782 / VDB-355512