Aggregator

A vulnerability identified as problematic has been detected in Issivs Intelligent Security System SecurOS Enterprise 10.0.18362. Impacted is an unknown function of the file C:\Program Files (x86)\ISS\SecurOS\. Performing a manipulation results in unquoted search path. This vulnerability is known as CVE-2019-25304. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability described as problematic has been identified in Davidvg 60CycleCMS 2.5.2. Affected by this issue is some unknown functionality of the file news.php of the component GET Parameter Handler. Such manipulation of the argument etsu/ltsu leads to cross site scripting. This vulnerability is listed as CVE-2020-37111. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in thrsrossi Millhouse Project 1.414. The affected element is an unknown function of the file add_comment_sql.php. Such manipulation of the argument content leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-25301. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in rimbalinux AhadPOS 1.11. It has been declared as critical. The impacted element is an unknown function of the component POST Handler. Such manipulation of the argument alamatCustomer leads to sql injection. This vulnerability is traded as CVE-2019-25299. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in lolypop55 html5_snmp 1.11. This affects an unknown part. This manipulation of the argument Router_ID/Router_IP causes sql injection. This vulnerability is handled as CVE-2019-25298. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in thejshen Globitek CMS 1.4. It has been declared as critical. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2019-25300. The attack can be launched remotely. Moreover, an exploit is present.

BridgePay Network Solutions, a major U.S. payment gateway provider, confirmed a ransomware attack caused a widespread outage, disrupting card processing for merchants nationwide. The outage began early on February 6, 2026, around 3:29 a.m. EST with degraded performance in systems like the Gateway.Itstgate.com virtual terminal, reporting, and API. By 5:48 a.m. EST, BridgePay posted its […]

The post BridgePay Payment Gateway Hit by Ransomware, Causing Nationwide Outages appeared first on Cyber Security News.

A vulnerability marked as critical has been reported in AllHandsMarketing PhpIX 2012 Professional. This affects an unknown function of the file product_detail.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2020-37108. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in redmine PMB 5.6. This impacts an unknown function of the file /admin/sauvegarde/download.php of the component Requests Handler. The manipulation of the argument logid results in sql injection. This vulnerability is cataloged as CVE-2020-37105. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Davidvg 60CycleCMS 2.5.2. Affected is an unknown function in the library common/lib.php of the file news.php of the component Query Parameter Handler. This manipulation causes sql injection. This vulnerability is registered as CVE-2020-37110. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. This vulnerability is referenced as CVE-2026-2064. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Flycatcher Toys smART Pixelator 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. This vulnerability is identified as CVE-2026-2065. The attack can only be performed from the local network. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in nyariv SandboxJS up to 0.8.28. It has been classified as problematic. The affected element is an unknown function. This manipulation causes injection. This vulnerability appears as CVE-2026-25586. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in pydantic pydantic-ai up to 1.50.x and classified as critical. This vulnerability affects the function Agent.to_web of the component URL Handler. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-25640. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in nyariv SandboxJS up to 0.8.28. The impacted element is the function hosts. The manipulation of the argument Object.values/Object.entries results in injection. This vulnerability is identified as CVE-2026-25520. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

CEO Jay Chaudhry: SquareX Deal Targets Unmanaged Devices and Third-Party Access
Zscaler has acquired SquareX to deliver browser security through extensions rather than endpoint agents or stand-alone browsers. CEO Jay Chaudhry said the approach speeds deployment, improves security for unmanaged devices and accelerates time-to-market by up to a year.

AI Assistant Executes Hidden Commands Embedded in Docker Image Labels
A vulnerability in Docker's Ask Gordon AI assistant allows attackers to execute malicious commands by hiding them in the container application development platform's image metadata, said security researchers. Dubbed DockerDash, the vulnerability exploits a failure across Docker's AI execution chain.

Database Misconfiguration Exposed 1.5 million API Tokens
A misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.

Experts Advise Moving From Verifying Identities to Knowing Agent Intentions
Financial institutions are rushing to deploy AI agents capable of autonomously initiating transactions, approving payments and freezing accounts in real time. But AI agents are creating a "dual authentication crisis" that traditional security frameworks cannot address.

A vulnerability classified as critical has been found in pear pearweb up to 1.32.x. Impacted is an unknown function of the component Bug Subscription Deletion. The manipulation of the argument email leads to sql injection. This vulnerability is listed as CVE-2026-25238. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.