A vulnerability marked as critical has been reported in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. Manipulation of the argument sellid causes SQL injection.
The identification of this vulnerability is CVE-2026-3793. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability labeled as critical has been found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in SQL injection.
This vulnerability was named CVE-2026-3792. The attack may be performed remotely. In addition, an exploit is available.
A vulnerability identified as critical has been detected in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to SQL injection.
This vulnerability is uniquely identified as CVE-2026-3791. The attack can be carried out remotely. Moreover, an exploit is present.
A vulnerability categorized as critical has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_details.php of the component POST Parameter Handler. Manipulation of the argument stock_name1 can lead to SQL injection.
This vulnerability is handled as CVE-2026-3790. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability was found in Bytedesk up to 1.3.9. It has been rated as critical. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl results in server-side request forgery.
This vulnerability is known as CVE-2026-3789. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
Upgrading the affected component is advised.
A vulnerability was found in Bytedesk up to 1.3.9. It has been declared as critical. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Manipulation of the argument apiUrl leads to server-side request forgery.
This vulnerability is tracked as CVE-2026-3788. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in UltraVNC 1.6.4.0 on Windows. It has been classified as problematic. This affects an unknown function in the library cryptbase.dll of the component Windows Service. The manipulation results in an uncontrolled search path.
This vulnerability appears as CVE-2026-3787. The attack requires local access. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in EasyCMS up to 1.6 and classified as critical. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in SQL injection.
This vulnerability is reported as CVE-2026-3786. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in EasyCMS up to 1.6 and classified as critical. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order leads to SQL injection.
This vulnerability is documented as CVE-2026-3785. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability described as problematic has been identified in Authlib up to 1.6.6. The affected element is an unknown function of the component JWT Handler. The manipulation results in improper verification of cryptographic signature.
This vulnerability is known as CVE-2026-28802. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.