Aggregator

CVE-2026-2129 | D-Link DIR-823X 250416 /goform/set_ac_status ac_ipaddr/ac_ipstatus/ap_randtime os command injection (EUVD-2026-5819 / WID-SEC-2026-0340)

Vuldb Updates
3 days 12 hours ago
A vulnerability classified as critical has been found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. This vulnerability was named CVE-2026-2129. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-2084 | D-Link DIR-823X 250416 /goform/set_language langSelection os command injection (EUVD-2026-5729 / WID-SEC-2026-0340)

Vuldb Updates
3 days 12 hours ago
A vulnerability described as critical has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. This vulnerability is registered as CVE-2026-2084. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

The Hackers News
3 days 12 hours ago
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently
The Hacker News

CVE-2025-15100 | JAY Login & Register Plugin up to 2.6.03 on WordPress jay_panel_ajax_update_profile privileges management (EUVD-2025-206900 / CNNVD-202602-1240)

Vuldb Updates
3 days 12 hours ago
A vulnerability, which was classified as critical, was found in JAY Login & Register Plugin up to 2.6.03 on WordPress. The affected element is the function jay_panel_ajax_update_profile. Executing a manipulation can lead to improper privilege management. This vulnerability appears as CVE-2025-15100. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-15027 | JAY Login & Register Plugin up to 2.6.03 on WordPress jay_login_register_ajax_create_final_user privileges management (EUVD-2025-206901 / CNNVD-202602-1241)

Vuldb Updates
3 days 12 hours ago
A vulnerability, which was classified as critical, has been found in JAY Login & Register Plugin up to 2.6.03 on WordPress. Impacted is the function jay_login_register_ajax_create_final_user. Performing a manipulation results in improper privilege management. This vulnerability is reported as CVE-2025-15027. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2026-2122 | Xiaopi Panel up to 20260126 WAF Firewall /demo.php ID sql injection (EUVD-2026-5825 / CNNVD-202602-1243)

Vuldb Updates
3 days 12 hours ago
A vulnerability classified as critical was found in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-2122. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-2118 | UTT HiPER 810 1.7.4-141218 rehttpd formReleaseConnect sub_4407D4 Isp_Name command injection (EUVD-2026-5827 / CNNVD-202602-1244)

Vuldb Updates
3 days 12 hours ago
A vulnerability described as critical has been identified in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection. This vulnerability is tracked as CVE-2026-2118. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-2195 | code-projects Online Reviewer System 1.0 questions-view.php ID sql injection (CNNVD-202602-1248)

Vuldb Updates
3 days 12 hours ago
A vulnerability was found in code-projects Online Reviewer System 1.0. It has been rated as critical. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2026-2195. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

European Commission hit by cyberattackers targeting mobile management platform

Help Net Security
3 days 13 hours ago

The European Commission’s mobile device management platform was hacked but the incident was swiftly contained and no compromise of mobile devices was detected, EU’s executive branch announced on Friday. The intrusion was detected on January 30, 2026, by CERT-EU, the cybersecurity team protecting all European Union institutions, bodies, and agencies. “The Commission’s swift response ensured the incident was contained and the system cleaned within 9 hours,” the EC stated, and added that the intrusion “may … More →

The post European Commission hit by cyberattackers targeting mobile management platform appeared first on Help Net Security.

Zeljka Zorz

European Commission probes cyberattack on mobile device management system

Security Affairs
3 days 13 hours ago
The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised. The European Commission is investigating a cyberattack on its mobile device management platform after detecting intrusion traces. Attackers may have accessed some staff data, including names and phone numbers, but so far they have not compromised any […]
Pierluigi Paganini

Managed ad