Aggregator

A vulnerability, which was classified as problematic, has been found in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. This vulnerability is listed as CVE-2026-6192. The attack must be carried out locally. In addition, an exploit is available. It is suggested to install a patch to address this issue.

Submit #797460 / VDB-357117

Submit #797452 / VDB-357116

A vulnerability classified as critical was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. This vulnerability is tracked as CVE-2026-6191. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. This vulnerability is identified as CVE-2026-6190. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #797433 / VDB-357115

Rockstar Games has formally acknowledged that a portion of its internal data was compromised following a breach of

The post The Master Key: How Hackers Used a Third-Party Exploit to Infiltrate Rockstar Games appeared first on Penetration Testing Tools.

A vulnerability described as critical has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. This vulnerability is referenced as CVE-2026-6189. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. The identification of this vulnerability is CVE-2026-6188. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2026-6187. The attack may be performed from remote. In addition, an exploit is available.

Submit #797385 / VDB-357114

A routine missive from a familiar service has long since ceased to be a hallmark of security. Specialists

The post The Trusted Trap: How Hackers are Weaponizing GitHub and Jira Notifications to Bypass Filters appeared first on Penetration Testing Tools.

A vulnerability identified as critical has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-6186. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Samsung Devices and classified as critical. The affected element is an unknown function of the component Retail Mode. Executing a manipulation can lead to improper input validation. This vulnerability appears as CVE-2026-21010. The physical device can be targeted for the attack. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability was found in Samsung Devices. It has been classified as critical. The impacted element is an unknown function of the component Bluetooth. The manipulation leads to incorrect privilege assignment. This vulnerability is traded as CVE-2026-21011. It is possible to launch the attack on the physical device. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability was found in Samsung Devices. It has been declared as critical. This affects an unknown function of the component AODManager. The manipulation results in file inclusion. This vulnerability is known as CVE-2026-21012. Attacking locally is a requirement. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability categorized as critical has been discovered in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. This vulnerability is referenced as CVE-2026-6163. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Samsung Galaxy Wearable 2.2.50/2.2.61.24112961/2.2.63.25042861/2.2.68. It has been rated as critical. This impacts an unknown function. This manipulation causes incorrect default permissions. This vulnerability is handled as CVE-2026-21013. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is advised.

Submit #797384 / VDB-357113

A vulnerability identified as critical has been detected in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. This vulnerability is identified as CVE-2026-6164. The attack can be initiated remotely. Additionally, an exploit exists.