Aggregator

A vulnerability labeled as critical has been found in SourceCodester Cab Management System 1.0. Affected is an unknown function of the file /cms/admin/categories/view_category.php. Executing a manipulation can lead to sql injection. This vulnerability is handled as CVE-2026-36922. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as critical has been detected in SourceCodester Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/examproper/questions-view.php. Performing a manipulation results in sql injection. This vulnerability is known as CVE-2026-36920. Remote exploitation of the attack is possible. No exploit is available.

2023 年全球农药使用量达 373 万吨，约为 1990 年的两倍。农药相关健康风险研究长期集中在急性中毒、神经毒性和癌症方面。新型基因技术如今已能用于追踪农药对肠道菌群的影响。印度团队对印度南部近 3000 人开展研究后发现，城市地区 23% 的人患有糖尿病，多与肥胖、高胆固醇等典型危险因素相关；但农村地区糖尿病患病率仍高达 16%，且与这些危险因素无关。研究人员怀疑环境化学物质可能发挥了作用研究团队在小鼠身上研究了一种广泛使用的农业杀虫剂——氯氰菊酯的影响。根据印度日常饮食中的农药残留量，研究团队采用了“现实剂量”，持续给药 120 天。研究显示，氯氰菊酯重塑了小鼠肠道菌群，其中乳酸杆菌等有益菌数量下降，幽门螺杆菌等潜在有害菌增多。即便体重没有增加，接触氯氰菊酯的小鼠仍出现了高血糖和糖尿病症状。农药似乎不仅会改变菌群种类，还会影响其代谢活性。在另一项大型研究中，研究人员将 17 种人体肠道代表性细菌暴露于 18 种不同农药，检测到微生物产生的数百种小分子物质发生变化，其中包括短链脂肪酸、胆汁酸和色氨酸相关分子。这些物质能维持肠道黏膜健康、调节炎症反应、调控免疫功能。他们还发现，部分细菌会在细胞内蓄积农药，这可能延长其在人体内的停留时间，增加长期健康风险。

A vulnerability categorized as problematic has been discovered in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. This vulnerability is traded as CVE-2026-6216. The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in DbGate up to 7.1.4. It has been rated as critical. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. This vulnerability appears as CVE-2026-6215. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

There has been a vulnerability sitting in OpenBSD for 27 years. OpenBSD, the operating system specifically built with security as […]

The post How Anthropic’s New AI Model Is Challenging Traditional Vulnerability Testing appeared first on HawkEye.

Submit #785841 / VDB-357135

Submit #785836 / VDB-357134

For the latest discoveries in cyber research for the week of 13th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Los Angeles Police Department has reported a data breach involving a digital storage system used by the L.A. City Attorney’s Office. The exposure included 7.7 terabytes and more than 337,000 files, […]

The post 13th April – Threat Intelligence Report appeared first on Check Point Research.

Cloudflare Sandboxes give AI agents a persistent, isolated environment: a real computer with a shell, a filesystem, and background processes that starts on demand and picks up exactly where it left off.

We’re introducing Durable Object Facets, allowing Dynamic Workers to instantiate Durable Objects with their own isolated SQLite databases. This enables developers to build platforms that run persistent, stateful code generated on-the-fly.

If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised),” Samuel Demeulemeester, a contributor to CPUID, stated on Friday, and apologized to affected users. … More →

The post Hackers hijacked CPUID downloads, served STX RAT to victims appeared first on Help Net Security.

A vulnerability was found in Apache SkyWalking MCP up to 0.1.0. It has been declared as critical. The affected element is an unknown function of the component Header Handler. The manipulation of the argument SW-URL results in server-side request forgery. This vulnerability is reported as CVE-2026-34476. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Apache SkyWalking MCP up to 0.1.0. It has been classified as critical. Impacted is the function set_skywalking_url. The manipulation leads to injection. This vulnerability is documented as CVE-2026-34884. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in SourceCodester Basic Library System 1.0 and classified as critical. This issue affects some unknown processing of the file /system/system/admins/assessments/examproper/exam-update.php. Executing a manipulation can lead to sql injection. This vulnerability is registered as CVE-2026-36919. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in SourceCodester Basic Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /load_student.php. Performing a manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-36874. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in SourceCodester Basic Library System 1.0. This affects an unknown part of the file /load_admin.php. Such manipulation leads to sql injection. This vulnerability is listed as CVE-2026-36873. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in SourceCodester Basic Library System 1.0. Affected by this issue is some unknown functionality of the file /load_book.php. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-36872. The attack is possible to be carried out remotely. No exploit exists.

Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically

Китайский кристалл приблизил создание ядерных часов — навигация без GPS станет реальностью.