Aggregator

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 and classified as critical. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. This vulnerability appears as CVE-2026-7204. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. This vulnerability is reported as CVE-2026-7203. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. This vulnerability is documented as CVE-2026-7202. The attack can be initiated remotely. Additionally, an exploit exists.

Understand where short-lived credentials reduce risk in agentic systems and where operational complexity requires stronger monitoring and governance controls.

The post Short-Lived Credentials in Agentic Systems: A Practical Trade-off Guide appeared first on Security Boulevard.

Explore how AI is reshaping the security landscape—uncover emerging threats, identity challenges, and the strategies needed to stay ahead.

Itron confirmed a cyber incident but does not believe it is likely to have a material impact on the company

A vulnerability classified as problematic was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. This vulnerability is registered as CVE-2026-7200. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Performing a manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-7199. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #801530 / VDB-359804

Submit #801528 / VDB-359803

Submit #801527 / VDB-359802

A vulnerability described as critical has been identified in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. This vulnerability is listed as CVE-2026-7196. The attack may be performed from remote. In addition, an exploit is available.

Submit #801111 / VDB-359801

Submit #801109 / VDB-359800

Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]

Submit #801030 / VDB-359799

A vulnerability marked as critical has been reported in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of the argument ID causes sql injection. This vulnerability is tracked as CVE-2026-7194. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Opus 4.7 теперь блокирует учебники, PDF с игрушками и русский язык.

Submit #800977 / VDB-359798