Aggregator

Submit #745108 / VDB-344631

A new open-source Python tool named EpsteIn enables users to check if their LinkedIn connections appear in over 3.5 million pages of Jeffrey Epstein court documents recently released by the U.S. Department of Justice. Developed by Christopher Finke, it runs locally to prioritize privacy amid rising interest in OSINT for network validation. EpsteIn indexes mentions […]

The post New Epstein Tool Searches LinkedIn Connections Against 3.5 Million Pages Epstein Files appeared first on Cyber Security News.

A vulnerability marked as problematic has been reported in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-2062. The attack can be initiated remotely. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue.

Общая теория относительности объяснила, почему планет вокруг двойных звезд почти не существует.

Submit #744720 / VDB-344623

Security teams have discovered an active spam campaign that uses fake PDF documents to trick users into installing remote monitoring and management (RMM) software. The campaign targets organizations by sending emails containing PDF attachments that appear to be invoices, receipts, or important documents. When victims open these files, they see a message claiming the document […]

The post Spam Campaign Distributes Fake PDFs, Installing Remote Monitoring Tools for Persistent Access appeared first on Cyber Security News.

A vulnerability labeled as critical has been found in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. This vulnerability is registered as CVE-2026-2061. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #744719 / VDB-344622

A vulnerability identified as critical has been detected in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-2060. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2026-2059. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. It has been rated as critical. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. This vulnerability is tracked as CVE-2026-2058. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #744286 / VDB-344621

Submit #744262 / VDB-344620

Submit #744261 / VDB-344619

Submit #744236 / VDB-344618

A vulnerability was found in SourceCodester Medical Center Portal Management System 1.0. It has been declared as critical. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. This vulnerability is identified as CVE-2026-2057. The attack can be executed remotely. Additionally, an exploit exists.

Mobile apps routinely collect and transmit personal data in ways that are difficult for users, developers, and regulators to verify. Permissions can reveal what an app can access, and privacy policies can claim what an app should do, yet neither reliably shows what data is actually collected and where it is sent during real use. A new analysis framework called mopri aims to reduce that gap by combining static and dynamic analysis into a modular … More →

The post Mobile privacy audits are getting harder appeared first on Help Net Security.

A vulnerability was found in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. It has been classified as problematic. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is referenced as CVE-2026-2056. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is recommended to apply restrictive firewalling.

A vulnerability was found in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01 and classified as problematic. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2026-2055. The attack may be launched remotely. Furthermore, there is an exploit available. The application of restrictive firewalling is recommended.

A vulnerability has been found in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01 and classified as problematic. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2026-2054. The attack may be initiated remotely. In addition, an exploit is available. It is suggested to use restrictive firewalling.