Aggregator

A vulnerability was found in SPIP up to 4.4.7. It has been classified as problematic. Affected is an unknown function of the component iFrame Handler. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-26223. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Hyland Alfresco Transformation Service and Alfresco Community and classified as problematic. This impacts an unknown function. This manipulation causes absolute path traversal. This vulnerability appears as CVE-2026-26337. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Phpscriptsmall Fiverr Clone Script 1.2.2. It has been rated as critical. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument page results in sql injection. This vulnerability was named CVE-2019-25444. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability identified as problematic has been detected in openITCOCKPIT up to 5.3.x. This affects the function unserialize of the component Changelog Entries Handler. Performing a manipulation results in deserialization. This vulnerability was named CVE-2026-24892. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in LabCollector 5.423. This impacts an unknown function of the file login.php. This manipulation of the argument Login causes sql injection. This vulnerability is tracked as CVE-2019-25438. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Hyland Alfresco Transformation Service and Alfresco Community and classified as critical. Affected is an unknown function. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-26338. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in NaturalIntelligence fast-xml-parser up to 5.3.4. The impacted element is an unknown function. The manipulation results in incorrect regular expression. This vulnerability is cataloged as CVE-2026-25896. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as problematic was found in SPIP up to 4.4.8. The affected element is the function echappe_anti_xss. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2026-27474. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in SPIP up to 4.1.19/4.2.16/4.3.5. This affects an unknown function. This manipulation causes improper authentication. This vulnerability is registered as CVE-2025-71242. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, was found in SPIP up to 4.1.19/4.2.16/4.3.5. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-71241. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.10/6.19.0. The affected element is the function lookup_chann_list of the component ksmbd. Performing a manipulation results in use after free. This vulnerability is cataloged as CVE-2026-23226. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in pretix pretix-newsletter up to 1.x/2.0.0. Impacted is an unknown function of the component Placeholder Handler. Executing a manipulation can lead to dynamic variable evaluation. This vulnerability is handled as CVE-2026-2452. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Since the twilight of 2025, Cisco Talos has been vigilantly tracking a malicious campaign directed against educational and

The post Encrypted Deception: Cisco Talos Unmasks “Dohdoor” and the Stealthy UAT-10027 Campaign Targeting Healthcare appeared first on Penetration Testing Tools.

In late January 2026, American law enforcement agencies dismantled a prominent platform that had served for years as

The post The Great Dispersal: How the Fall of the RAMP Forum Birthed a New Breed of Ransomware Enclaves appeared first on Penetration Testing Tools.

“Who are you, and why should the Linux kernel trust you?” Within the kernel development community, this query

The post The End of PGP? How “Linux ID” is Revolutionizing Kernel Trust in the Wake of xz Utils appeared first on Penetration Testing Tools.

A mundane telephony vulnerability has metamorphosed into a comprehensive server capitulation. Cybersecurity specialists have unearthed a pernicious web

The post Ask Master: The “EncystPHP” Web Shell is Silently Annexing Global FreePBX Telephony Servers appeared first on Penetration Testing Tools.

分享笔者在Java Nashorn引擎代码注入遇到的对抗场景及绕过技术

Автономный бот взломал репозитории Microsoft и Datadog.

好，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户的要求很明确，不需要以“文章内容总结”或“这篇文章”开头，直接写描述即可。 首先，我得通读文章，抓住主要内容。文章讲的是OpenAI与美国国防部合作后，导致ChatGPT在美国的卸载量激增。同时，竞争对手Anthropic因为不与国防部合作，下载量反而上升了。 接下来，我需要提取关键数据：2月28日卸载量环比增长295%，而平时只有约9%。同时，Claude的下载量在两天内分别增长37%和51%。ChatGPT的下载量则在协议公开后两天分别下降13%和5%。 然后，我要把这些信息浓缩成简洁的句子，确保不超过100字。要注意逻辑连贯，突出合作引发的卸载增加和竞争对手的情况。 最后，检查一下有没有遗漏的重要信息，并确保语言流畅自然。 OpenAI与美国国防部合作引发用户不满，ChatGPT在美国的卸载量激增295%，而竞争对手Claude下载量大增。