Aggregator

A vulnerability, which was classified as problematic, has been found in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0/19.0. This vulnerability affects unknown code of the component Promotions. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2020-9488. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in code-projects Visitor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone causes sql injection. This vulnerability appears as CVE-2026-10170. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. It has been declared as problematic. Affected by this vulnerability is the function ajax_forgot_password of the file application/controllers/Login.php of the component Forgot Password Endpoint. The manipulation of the argument email results in weak password recovery. This vulnerability is reported as CVE-2026-10169. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. It has been classified as critical. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control of resource identifiers. This vulnerability is documented as CVE-2026-10168. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 and classified as critical. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argument role can lead to improper authentication. This vulnerability is registered as CVE-2026-10167. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #819186 / VDB-367424

A vulnerability has been found in zephyrproject-rtos Zephyr up to 4.3 and classified as problematic. This affects the function socketcan_frame. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-5071. The attack must be initiated from a local position. There is no exploit available.

Submit #819395 / VDB-367423

Submit #819161 / VDB-367422

Submit #819157 / VDB-367421

Attackers are texting Signal users posing as Support, asking for backup recovery keys. Once obtained, they can decrypt the entire message history, not just future chats. A phishing campaign is currently targeting Signal users with text messages that impersonate Signal Support and ask them to hand over their backup recovery key. The message looks urgent, […]

Эндрю Келли рассказал, куда на самом деле спешит Zig.

Matrix 首页推荐Matrix 是少数派的写作社区，我们主张分享真实的产品体验，有实用价值的经验与思考。我们会不定期挑选 Matrix 最优质的文章，展示来自用户的最真实的体验和观点。文章代表作者

Dutch authorities seized 200 servers running a 17-million-device botnet linked to proxy service Asocks. Dutch authorities have taken offline a massive botnet of at least 17 million devices and seized more than 200 servers at a local provider that supported the operation. Infected devices included computers, tablets, and smartphones. The action was carried out following […]

Botnet of 17 Million Devices Dismantled in the NetherlandsDutch

3000 лет наблюдений, зонды внутри короны — а главные вопросы до сих пор без ответа.