Aggregator

A vulnerability categorized as critical has been discovered in Kodmatic Online Exam and Assessment up to 30012026. This issue affects some unknown processing. The manipulation results in sql injection. This vulnerability is reported as CVE-2025-4686. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Dolibarr up to 11.0.3. It has been rated as problematic. This vulnerability affects unknown code of the file /dolibarr/admin/ldap.php of the component LDAP Synchronization Settings. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2020-36966. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Php-Fusion PHPFusion up to 9.03.50. It has been declared as problematic. This affects an unknown part of the file print.php. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2020-36996. It is possible to launch the attack remotely. No exploit is available.

黄金还能涨N年？

Почему бесконтрольный сбор данных внезапно стал угрозой для безопасности детей.

The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users' computers.

The latest phase of the global law enforcement action resulted in seizing three industrial-scale illegal IPTV services. [...]

Seoul Metropolitan Police, as part of their investigation into the data breach at online retail giant Coupang, brought in acting CEO Harold Rogers.

Публикация наконец станет ежедневной рутиной, а не рискованной точкой входа.

ProphetFuzz：一种仅通过大语言模型利用文档实现高风险选项组合全自动预测与模糊测试的方法 by 花菜

更多最新文章，请访问SecWiki

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. It has been classified as problematic. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. This vulnerability is cataloged as CVE-2026-1705. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in ChurchCRM up to 6.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Create Events. Such manipulation of the argument Description leads to cross site scripting. This vulnerability is listed as CVE-2026-24855. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in NaturalIntelligence fast-xml-parser up to 5.3.3 and classified as problematic. Affected is an unknown function. This manipulation causes denial of service. This vulnerability is tracked as CVE-2026-25128. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in vendurehq vendure up to 3.5.2. This impacts the function NativeAuthenticationStrategy.authenticate of the file packages/core/src/config/auth/native-authentication-strategy.ts. The manipulation results in exposure of sensitive information through data queries. This vulnerability is identified as CVE-2026-25050. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Silabs Zigbee Stack up to 4.4.6/2025.6.1. This affects an unknown function. The manipulation leads to improper handling of values. This vulnerability is referenced as CVE-2025-7964. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in ChurchCRM up to 6.7.1. The impacted element is an unknown function of the file /PaddleNumEditor.php. Executing a manipulation of the argument PerID can lead to sql injection. The identification of this vulnerability is CVE-2026-24854. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

想象一下，你打开一个飞机跟踪网站，本来想看看实时航班，突然发现一架标着美国“空军一号”的飞机，在美国佛罗里达的

Submit #742421 / VDB-343510