A vulnerability was found in janeczku Calibre-Web up to 0.6.26. It has been declared as critical. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Manipulation of the argument user_id leads to improper authorization.
This vulnerability is tracked as CVE-2026-7709. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Open5GS up to 2.7.7. It has been classified as problematic. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supi_id causes denial of service.
This vulnerability appears as CVE-2026-7708. The attack may be initiated remotely. In addition, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was found in Open5GS up to 2.7.7 and classified as problematic. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service.
This vulnerability is reported as CVE-2026-7707. The attack can be launched remotely. Moreover, an exploit is present.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability has been found in Open5GS up to 2.7.7 and classified as problematic. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service.
This vulnerability is documented as CVE-2026-7706. The attack can be initiated remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability, which was classified as critical, was found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Manipulation of the argument vid can lead to command injection.
This vulnerability is registered as CVE-2026-7705. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in Apache Polaris up to 1.4.0. This affects an unknown part. Manipulation results in improper access controls.
This vulnerability is cataloged as CVE-2026-42812. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
A vulnerability classified as critical was found in Apache Polaris up to 1.4.0. Affected by this issue is some unknown functionality. Manipulation leads to improper authentication.
This vulnerability is listed as CVE-2026-42811. The attack may be performed remotely. There is no available exploit.
Upgrading the affected component is advised.
A vulnerability classified as critical has been found in Apache Polaris up to 1.4.0. Affected by this vulnerability is an unknown functionality of the component Asterisk Handler. This manipulation causes escaping of output.
This vulnerability is tracked as CVE-2026-42810. The attack can be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.