Aggregator

Submit #818384 / VDB-367156

A vulnerability was found in Shibby Tomato 1.28 and classified as critical. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2026-10069. The attack may be launched remotely. There is no exploit available. This project is superseded by FreshTomato.

Эксперты нашли способ следить за пользователями Telegram через скрытую метку.

A vulnerability has been found in Shibby Tomato 1.28 and classified as critical. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2026-10068. The attack may be initiated remotely. There is no available exploit. This project is superseded by FreshTomato.

A vulnerability, which was classified as critical, was found in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2026-10067. The attack can be launched remotely. No exploit exists. This project is superseded by FreshTomato.

黑客正在利用 FortiClient 企业管理服务器（EMS）中的一个身份验证绕过漏洞（CVE - 2026 - 35616），来传播一款未公开的名为 EKZ 的凭证窃取程序。   攻击者将该恶意软件伪装成 Fortinet 终端的更新程序，并通过由 FortiClient 管理的 VPN 脚本工作流程来执行它。   被利用的这个严重漏洞属于访问控制不当问题，使得未经身份验证的...

A vulnerability, which was classified as critical, has been found in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2026-10066. The attack can be initiated remotely. There is not any exploit available. This project is superseded by FreshTomato.

A vulnerability classified as critical was found in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2026-10065. It is possible to launch the attack remotely. No exploit is available. This project is superseded by FreshTomato.

Submit #818238 / VDB-367155

Submit #818237 / VDB-367154

Submit #818146 / VDB-367153

Submit #818145 / VDB-367152

Submit #818144 / VDB-367151

联邦调查局（FBI）发出警告，在 2026 年世界杯前夕，出现了一些假冒国际足联（FIFA）的网站，这些网站旨在窃取个人和财务信息、售卖假门票与贵宾套餐，以及实施与赛事相关的其他诈骗活动。 这届国际足球锦标赛将于 6 月 11 日至 7 月 19 日在美国、加拿大和墨西哥举行，威胁行为者已准备了数百个钓鱼网站。 根据 FBI 发布的公共服务公告，这些假冒域名模仿官方的fifa.com，但利用一些不...

The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. [...]

A vulnerability classified as critical has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is cataloged as CVE-2026-10064. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability described as critical has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2026-10063. The attack may be performed from remote. In addition, an exploit is available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability marked as critical has been reported in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2026-10062. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability labeled as critical has been found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2026-10061. The attack can be executed remotely. Additionally, an exploit exists. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."