Aggregator

Submit #807196 / VDB-360894

Submit #807193 / VDB-360893

A vulnerability classified as critical has been found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. This vulnerability is identified as CVE-2026-7716. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. This vulnerability is referenced as CVE-2026-7715. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability marked as critical has been reported in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. The identification of this vulnerability is CVE-2026-7714. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The project was informed of the problem early through a pull request but has not reacted yet.

A vulnerability labeled as critical has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. This vulnerability was named CVE-2026-7713. The attack may be performed from remote. In addition, an exploit is available. The affected component should be upgraded.

Submit #807542 / VDB-236685

Submit #807105 / VDB-360892

DeepSeek V4 是迄今为止在 CAISI 评估的各个领域（网络安全、软件工程、自然科学、抽象推理和数学）中性能最强的 PRC 模型。CAISI 在上述五个领域

Submit #806913 / VDB-360891

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs directly. Listed tasks include attending in-person meetings, photographing locations, delivering items, … More →

The post Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months appeared first on Help Net Security.

Security leadership is often associated with emerging threats and advanced technologies, but much of the role comes down to disciplined execution, thoughtful decision-making, and balancing protection with business continuity. In CISO Diaries, we speak with leading CISOs around the world to understand what the role actually looks like beyond frameworks and incident headlines, how security […]

The post CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense appeared first on CISO Whisperer.

The post CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense appeared first on Security Boulevard.

Security leadership is often associated with emerging threats and advanced technologies, but muc

Submit #806468 / VDB-360890

Submit #806403 / VDB-360889

Table of ContentsTproxyNATTproxyTProxy (Transparent Proxy)NATNAT (Network Address Trans

A vulnerability identified as critical has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2026-7712. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. This vulnerability is handled as CVE-2026-7711. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in YunaiV yudao-cloud up to 3.8.0. It has been rated as critical. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. This vulnerability is known as CVE-2026-7710. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #806827 / VDB-360888