Aggregator

A vulnerability, which was classified as problematic, has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross site scripting. The identification of this vulnerability is CVE-2026-5668. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #786028 / VDB-355493

Submit #786022 / VDB-355492

Submit #785942 / VDB-355491

Submit #785895 / VDB-355490

A vulnerability classified as problematic was found in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. This vulnerability was named CVE-2026-5666. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability classified as critical has been found in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. This vulnerability is uniquely identified as CVE-2026-5665. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability described as problematic has been identified in OpenAirInterface CN5G AMF up to 2.2.0. Affected is the function ngap_message_decoded_callback of the file src/ngap/ngap_message_callback.hpp of the component Procedure Code/PDU-Type. Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2026-30078. The attack can be executed remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.

Submit #786322 / VDB-355489

Submit #786310 / VDB-355488

Submit #786228 / VDB-355487

Рассказываем о хитрой ловушке, скрытой внутри привычной картинки.

There’s a gap in how security teams work today. The alerts exist. The risk signals exist. The data exists. But turning that data into a […]

The post Chat With Your Data: Introducing AI Assistant for Web Supply Chain Defense appeared first on Reflectiz.

The post Chat With Your Data: Introducing AI Assistant for Web Supply Chain Defense appeared first on Security Boulevard.

好的，我现在需要帮用户总结一篇文章，控制在100字以内，而且不需要特定的开头。首先，我得仔细阅读文章内容，理解其主要观点。 文章主要讲的是Reflectiz公司推出的AI Assistant工具，它是一个集成在平台中的对话式AI聊天工具。这个工具能够帮助安全团队快速分析数据，减少操作步骤和时间。用户可以通过提问直接获得基于实际安全数据的答案，并且可以执行操作，比如批准或标记警报，而无需切换界面。 接下来，我需要将这些信息浓缩成一句话。要突出AI Assistant的功能、优势以及它带来的好处。确保语言简洁明了，不超过100字。 可能的结构是：介绍AI Assistant是什么，它的功能（对话式分析数据），以及带来的好处（减少点击、时间、跨站点模式识别等）。这样既涵盖了主要内容，又符合字数限制。 最后检查一下是否符合用户的要求，没有使用“文章内容总结”之类的开头，并且准确传达了文章的核心信息。 Reflectiz推出AI Assistant工具，通过对话式AI聊天直接集成到平台中，帮助安全团队快速分析数据、识别风险并采取行动，减少操作步骤和时间消耗。

嗯，用户让我帮忙总结一篇文章，控制在100字以内，而且不需要特定的开头。首先，我得仔细阅读文章内容，抓住主要观点。 文章提到Anthropic的费用调整，用户觉得这可能影响他们的使用成本。然后作者讨论了多模型框架和更便宜的模型的重要性，比如20倍 cheaper的Haiku。还提到了技术解决方案，比如Cerberus，以及混合付费和本地模型的策略。 用户可能是一位开发者或者企业用户，他们关心成本控制和模型效率。深层需求可能是寻找如何应对未来模型成本上升的方法。 所以总结的时候要涵盖费用调整、多模型框架、更便宜的模型以及技术解决方案这几个点，同时保持简洁明了。 文章讨论了AI模型推理成本上升的问题，并指出未来需要更便宜的多模型框架或更经济的单一平台模型来应对不可持续的成本。作者建议采用新技术降低成本、开发更小更便宜的高质量模型，并结合本地与云端混合模式来优化资源使用。

A vulnerability marked as critical has been reported in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. This vulnerability is known as CVE-2026-5663. Remote exploitation of the attack is possible. No exploit is available. Applying a patch is the recommended action to fix this issue.

Submit #786061 / VDB-355486

A vulnerability labeled as problematic has been found in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2026-5661. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This manipulation of the argument emp causes sql injection. This vulnerability appears as CVE-2026-5660. The attack may be initiated remotely. In addition, an exploit is available.

Submit #785896 / VDB-355485