A vulnerability was found in itsourcecode Online Enrollment System 1.0. It has been classified as critical. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. Manipulation of the argument deptid causes SQL injection.
This vulnerability is tracked as CVE-2026-5334. The attack can be carried out remotely. Moreover, an exploit is present.
A vulnerability was found in DefaultFuction Content-Management-System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection.
This vulnerability is identified as CVE-2026-5333. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability has been found in Xiaopi Panel 1.0.0 and classified as problematic. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross-site scripting.
This vulnerability is referenced as CVE-2026-5332. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, was found in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal.
The identification of this vulnerability is CVE-2026-5331. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls.
This vulnerability was named CVE-2026-5330. The attack may be initiated remotely. In addition, an exploit is available.
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain.
Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist […]