Aggregator

Submit #752063 / VDB-344869

Submit #751858 / VDB-344868

Submit #751857 / VDB-344867

Submit #751853 / VDB-344866

A vulnerability, which was classified as critical, was found in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2026-2163. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. This vulnerability appears as CVE-2026-2162. The attack may be initiated remotely. In addition, an exploit is available.

Submit #751764 / VDB-344865

A vulnerability classified as critical was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. This vulnerability is reported as CVE-2026-2161. The attack can be launched remotely. Moreover, an exploit is present.

Использование чужих ресурсов — лишь верхушка айсберга в этой сложной схеме.

Submit #751083 / VDB-344864

Submit #751082 / VDB-344863

A vulnerability classified as problematic has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. This vulnerability is documented as CVE-2026-2160. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as problematic has been identified in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. This vulnerability is registered as CVE-2026-2159. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #751016 / VDB-344862

Submit #750995 / VDB-344861

A vulnerability marked as critical has been reported in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. This vulnerability is cataloged as CVE-2026-2158. It is possible to initiate the attack remotely. There is no exploit available.

Submit #748816 / VDB-344860

Submit #748815 / VDB-306696

Submit #748764 / VDB-208081

OpenClaw announced today a partnership with VirusTotal, Google’s threat intelligence platform, to implement automated security scanning for all skills published to ClawHub, its AI agent marketplace. The integration marks the first comprehensive security initiative for the emerging AI agent ecosystem. All skills published to ClawHub will now undergo automatic scanning using VirusTotal’s threat intelligence database […]

The post OpenClaw Partners with VirusTotal to Secure AI Agent Skill Marketplace appeared first on Cyber Security News.