Aggregator

Как нейросети незаметно уничтожают культуру открытого софта.

A vulnerability labeled as critical has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. This vulnerability is cataloged as CVE-2026-2068. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. This vulnerability is listed as CVE-2026-2067. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. This vulnerability is tracked as CVE-2026-2066. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Flycatcher Toys smART Pixelator 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. This vulnerability is identified as CVE-2026-2065. The attack can only be performed from the local network. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Alan discovers how the Super Bowl acts as a live-fire exercise in cybersecurity, requiring seamless coordination to manage massive attack surfaces and ensure integrity and trust in real time.

The post The Other Offense and Defense appeared first on Security Boulevard.

Submit #745262 / VDB-344635

Submit #745261 / VDB-344634

Submit #745260 / VDB-344633

Где сильнее логика, где лучше источники, а где удобнее документы и экосистема.

Submit #745129 / VDB-344632

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. This vulnerability is referenced as CVE-2026-2064. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Yoast SEO Plugin up to 26.8 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Block Attribute Handler. This manipulation of the argument yoast-schema causes cross site scripting. The identification of this vulnerability is CVE-2026-1293. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Employee Directory Plugin up to 1.2.1 on WordPress and classified as problematic. This impacts an unknown function of the component Shortcode Handler. The manipulation of the argument form_title results in cross site scripting. This vulnerability was named CVE-2026-1279. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in Events Listing Widget Plugin up to 1.3.4 on WordPress and classified as problematic. This affects an unknown function. The manipulation of the argument Event URL leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-1252. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in Code Snippets Plugin up to 3.9.4 on WordPress. The impacted element is the function Cloud_Search_List_Table. Executing a manipulation can lead to cross-site request forgery. This vulnerability is handled as CVE-2026-1785. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in Docus Plugin up to 1.0.6 on WordPress. The affected element is an unknown function of the component Shortcode Handler. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-1888. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic was found in TYDAC MAP+ up to 3.4.0. Impacted is an unknown function of the component PDF Export. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-0521. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in WP Duplicate Plugin up to 1.1.8 on WordPress. This issue affects the function process_add_site. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-1499. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. This vulnerability is reported as CVE-2026-2063. The attack can be launched remotely. Moreover, an exploit is present.