Aggregator

CVE-2026-29514 | NetBox up to 4.5.4 RenderTemplateMixin.get_environment_params finalize permissive list of allowed inputs (EUVD-2026-26997)

VulDB Recent Entries
1 week 5 days ago
A vulnerability identified as critical has been detected in NetBox up to 4.5.4. This impacts the function RenderTemplateMixin.get_environment_params. This manipulation of the argument finalize causes permissive list of allowed inputs. This vulnerability is registered as CVE-2026-29514. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

The Hackers News
1 week 5 days ago
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.  The
The Hacker News

New MicroStealer Malware Actively Attacking Telecom & Education Sectors

Cyber Security News
1 week 5 days ago

A new infostealer malware called MicroStealer has quietly entered the threat landscape and is already showing a worrying reach. First spotted in December 2025, the malware has picked up speed fast, showing up across sandbox environments within weeks of its initial appearance in the wild. What makes it stand out is its ability to fly […]

The post New MicroStealer Malware Actively Attacking Telecom & Education Sectors appeared first on Cyber Security News.

Tushar Subhra Dutta

Bluekit Phishing Kit Automates Domains, 2FA Lures, and Session Hijacking in One Panel

Cyber Security News
1 week 5 days ago

A newly identified phishing kit called Bluekit is changing how cybercriminals carry out phishing attacks by packing multiple attack capabilities into a single, easy-to-use operator panel. Rather than relying on separate tools stitched together from different sources, Bluekit gives attackers one centralized platform to manage everything from fake website creation to session hijacking. For years, […]

The post Bluekit Phishing Kit Automates Domains, 2FA Lures, and Session Hijacking in One Panel appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-7785 | A-G-U-P-T-A wireshark-mcp pyshark_mcp.py quick_capture os command injection

VulDB Recent Entries
1 week 5 days ago
A vulnerability categorized as critical has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. This vulnerability is cataloged as CVE-2026-7785. The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-36365 | Lymphatus caesium-image-compressor up to 02da2c6 PostCompressionActions.cpp shutdownMachine/putMachineToSleep Local Privilege Escalation (EUVD-2026-26976)

VulDB Recent Entries
1 week 5 days ago
A vulnerability was found in Lymphatus caesium-image-compressor up to 02da2c6. It has been declared as problematic. The affected element is the function shutdownMachine/putMachineToSleep of the file PostCompressionActions.cpp. Executing a manipulation can lead to Local Privilege Escalation. This vulnerability is tracked as CVE-2026-36365. The attack is restricted to local execution. No exploit exists.
vuldb.com

CVE-2026-37458 | FRRouting FRR up to 10.6 MP_REACH_NLRI denial of service (EUVD-2026-26977)

VulDB Recent Entries
1 week 5 days ago
A vulnerability was found in FRRouting FRR up to 10.6. It has been classified as problematic. Impacted is an unknown function of the component MP_REACH_NLRI Component. Performing a manipulation results in denial of service. This vulnerability is identified as CVE-2026-37458. The attack can only be performed from the local network. There is not any exploit available.
vuldb.com

CVE-2026-7784 | RTGS2017 NagaAgent up to 5.1.0 Skills Endpoint extensions.py Name path traversal (Issue 311)

VulDB Recent Entries
1 week 5 days ago
A vulnerability was found in RTGS2017 NagaAgent up to 5.1.0 and classified as critical. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. This vulnerability is referenced as CVE-2026-7784. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7783 | CodeCanyon Perfex CRM up to 3.4.1 Admin Kanban Endpoint AbstractKanban.php applySortQuery this sql injection

VulDB Recent Entries
1 week 5 days ago
A vulnerability has been found in CodeCanyon Perfex CRM up to 3.4.1 and classified as critical. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. The identification of this vulnerability is CVE-2026-7783. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-7782 | CodeCanyon Perfex CRM up to 3.4.1 Tenant Clients.php Clients::project ID authorization

VulDB Recent Entries
1 week 5 days ago
A vulnerability, which was classified as critical, was found in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. This vulnerability was named CVE-2026-7782. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

Managed ad