Aggregator

A vulnerability was found in Adobe Experience Manager up to 6.5.23 and classified as problematic. The affected element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-27237. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been classified as problematic. The impacted element is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-27239. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been declared as problematic. This affects an unknown function. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-27231. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been rated as problematic. This impacts an unknown function. The manipulation of the argument form leads to cross site scripting. This vulnerability is referenced as CVE-2026-27232. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Adobe Experience Manager up to 6.5.23. Affected is an unknown function. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-27240. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Adobe Experience Manager up to 6.5.23. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-27241. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Adobe Experience Manager up to 6.5.23. Affected by this issue is some unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-27242. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Adobe Experience Manager up to 6.5.23. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2026-27244. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

The French national cybersecurity agency, ANSSI, has promulgated its annual compendium of digital threats for the year 2025.

The post The High-Water Mark: ANSSI Reveals the Brutal New Reality of Cyber Espionage in 2025 appeared first on Penetration Testing Tools.

Cyber threats stubbornly resist confinement within the tidy taxonomies of orthodox malice—be it malware, credential exfiltration, or infrastructural

The post Identity is the New Exploit: Flashpoint Unveils the Rise of Agentic AI in its 2026 Threat Report appeared first on Penetration Testing Tools.

A vulnerability categorized as problematic has been discovered in libexif up to 0.6.25. This issue affects the function exif_mnote_data_get_value of the component MakerNotes Decoder. Such manipulation leads to integer underflow. This vulnerability is uniquely identified as CVE-2026-32775. Local access is required to approach this attack. No exploit exists.

A vulnerability described as critical has been identified in OpenHarmony up to 5.1.0.x. This affects an unknown function of the component Pre-installed Apps. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2025-52458. The attack is only possible with local access. There is not any exploit available.

A vulnerability classified as critical has been found in thermalright TR-VISION HOME up to 2.0.4 on Windows. This impacts an unknown function. This manipulation causes inclusion of functionality from untrusted control sphere. This vulnerability is tracked as CVE-2026-4255. The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. This vulnerability is reported as CVE-2026-4225. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-4226. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2026-4227. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. This vulnerability is known as CVE-2026-4228. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

让每一只“龙虾”都能安全可控

A vulnerability classified as critical has been found in iText 7.1.17. This vulnerability affects the function ByteBuffer.append of the component PDF File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-24197. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Oracle Retail Xstore Point of Service 17.0.6/18.0.5/19.0.4/20.0.3/21.0.2 and classified as critical. The impacted element is an unknown function of the component Xenvironment. Such manipulation leads to time-of-check time-of-use. This vulnerability is documented as CVE-2022-23181. The attack needs to be performed locally. There is not any exploit available.