Aggregator

A vulnerability labeled as problematic has been found in Tubitak Bilgem Pardus Update up to 0.7.x. The affected element is an unknown function. Such manipulation leads to crlf injection. This vulnerability is documented as CVE-2026-5140. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Jenkins Microsoft Entra ID Plugin up to 666.v6060de32f87d. Impacted is an unknown function of the component Redirect URL Handler. This manipulation causes open redirect. This vulnerability is registered as CVE-2026-42525. Remote exploitation of the attack is possible. No exploit is available.

基于 18 家 A 股网络安全上市公司 2025 年报和 2026 一季报数据，分析行业收入连续 11 个季度同比下滑的现状，并讨论并购整合对行业修复的必要性。

A vulnerability categorized as critical has been discovered in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. This vulnerability is cataloged as CVE-2026-7416. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets

Submit #803974 / VDB-360145

Машина поднимает тонну, но не может взять фишку пальцами. Пришло время исправить несправедливость.

cPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control panel. The flaw affects all supported versions, raising serious risks for exposed servers. cPanel is a […]

中国网民报告 .icu 顶级域名的权威服务器在短时间内解析到了错误的 IP。.icu 最知名的域名可能是 996.ICU。不同于个别域名被错误解析，域名服务器被错误解析可能会导致影响扩大化。4 月 28 日 6:22 a.m. UTC 进行的测试显示，.icu 权威服务器之一的 b.nic.icu 在 58.13% 的情况下解析到正确 IP，其余解析到污染 IP。到 16:00 UTC 问题基本解决，99.38% 解析到正确 IP，仅 0.63% 返回污染 IP。

WILMINGTON, Delaware, April 29th, 2026, CyberNewswire Malicious intent-based deepfake detection shifts the focus from purely technical analysis to real-world risk and impact Brinker, recently named “Narrative Intelligence Solution of the Year 2026” by The Cyber Review, today announced the official launch of its malicious intent-based deepfake detection capability, introducing a fundamentally new approach to combating […]

The post Brinker Introduces a Novel Approach to Deepfake Detection appeared first on Cyber Security News.

Atomic Red Team’s new MCP server helps you test more, faster as you validate your detection coverage against MITRE ATT&CK techniques

Министры в Афинах вспомнили заветы предков.

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. It has been rated as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. This vulnerability is listed as CVE-2026-7410. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. It has been declared as critical. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql injection. This vulnerability is tracked as CVE-2026-7409. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. It has been classified as critical. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation results in sql injection. This vulnerability is identified as CVE-2026-7408. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0 and classified as critical. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of the component Setting Handler. Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-7407. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #803625 / VDB-360144

Submit #803624 / VDB-360143