Aggregator
49 days, 17 hours and 2 minutes. That is exactly how long your Mac can run without network failures
2 weeks 6 days ago
An unpleasant surprise awaits those who are used to leaving their laptop lid open for weeks on end.
Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs
2 weeks 6 days ago
An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available.
Deeba Ahmed
CVE-2026-2519 | ladela Bookly Plugin up to 27.0 on WordPress Negative Number tips external control of assumed-immutable web parameter (EUVD-2026-20890)
2 weeks 6 days ago
A vulnerability, which was classified as critical, was found in ladela Bookly Plugin up to 27.0 on WordPress. Affected by this vulnerability is an unknown functionality of the component Negative Number Handler. Executing a manipulation of the argument tips can lead to external control of assumed-immutable web parameter.
The identification of this vulnerability is CVE-2026-2519. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-3005 | fernandobt List Category Posts Plugin up to 0.94.0 on WordPress Shortcode catlist cross site scripting (EUVD-2026-20892)
2 weeks 6 days ago
A vulnerability has been found in fernandobt List Category Posts Plugin up to 0.94.0 on WordPress and classified as problematic. Affected by this issue is the function catlist of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2026-3005. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-5437 | Orthanc DICOM Server up to 1.12.10 out-of-bounds (EUVD-2026-20913)
2 weeks 6 days ago
A vulnerability classified as problematic has been found in Orthanc DICOM Server up to 1.12.10. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read.
This vulnerability is traded as CVE-2026-5437. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
Data centers devour electricity. Half of it is lost on the way to the GPU. But there is a way out: vibration instead of magnets
3 weeks ago
The new chip swings like a pendulum and saves energy.
CVE-2026-6038 | code-projects Vehicle Showroom Management System 1.0 RegisterCustomerFunction.php BRANCH_ID sql injection
3 weeks ago
A vulnerability labeled as critical has been found in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCH_ID leads to sql injection.
This vulnerability is listed as CVE-2026-6038. The attack may be performed remotely. In addition, an exploit is available.
vuldb.com
CVE-2026-6037 | code-projects Vehicle Showroom Management System 1.0 AddVehicleFunction.php BRANCH_ID sql injection
3 weeks ago
A vulnerability identified as critical has been detected in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection.
This vulnerability is tracked as CVE-2026-6037. The attack can be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-6036 | code-projects Vehicle Showroom Management System 1.0 VehicleDetailsFunction.php VEHICLE_ID sql injection
3 weeks ago
A vulnerability categorized as critical has been discovered in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection.
This vulnerability is identified as CVE-2026-6036. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2026-6035 | code-projects Vehicle Showroom Management System 1.0 ServiceAndSalesReport.php BRANCH_ID cross site scripting
3 weeks ago
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. It has been rated as problematic. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCH_ID leads to cross site scripting.
This vulnerability is referenced as CVE-2026-6035. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com
CVE-2026-6034 | code-projects Vehicle Showroom Management System 1.0 ProfitAndLossReport.php BRANCH_ID cross site scripting
3 weeks ago
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. It has been declared as problematic. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCH_ID can lead to cross site scripting.
The identification of this vulnerability is CVE-2026-6034. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-5439 | Orthanc DICOM Server up to 1.12.10 ZIP Archive size allocation of resources (EUVD-2026-20916)
3 weeks ago
A vulnerability marked as problematic has been reported in Orthanc DICOM Server up to 1.12.10. This issue affects some unknown processing of the component ZIP Archive Handler. The manipulation of the argument size leads to allocation of resources.
This vulnerability is documented as CVE-2026-5439. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-5441 | Orthanc DICOM Server up to 1.12.10 Image Parser DicomImageDecoder.cpp DecodePsmctRle1 out-of-bounds (EUVD-2026-20918)
3 weeks ago
A vulnerability described as problematic has been identified in Orthanc DICOM Server up to 1.12.10. Impacted is the function DecodePsmctRle1 of the file DicomImageDecoder.cpp of the component Image Parser. The manipulation results in out-of-bounds read.
This vulnerability is reported as CVE-2026-5441. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-5442 | Orthanc DICOM Server up to 1.12.10 DICOM Image Parser integer overflow (EUVD-2026-20920)
3 weeks ago
A vulnerability classified as critical has been found in Orthanc DICOM Server up to 1.12.10. The affected element is an unknown function of the component DICOM Image Parser. This manipulation causes integer overflow.
This vulnerability appears as CVE-2026-5442. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-5443 | Orthanc DICOM Server up to 1.12.10 DICOM Image Parser integer overflow (EUVD-2026-20922)
3 weeks ago
A vulnerability classified as critical was found in Orthanc DICOM Server up to 1.12.10. The impacted element is an unknown function of the component DICOM Image Parser. Such manipulation leads to integer overflow.
This vulnerability is traded as CVE-2026-5443. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-5445 | Orthanc DICOM Server up to 1.12.10 Image Parser DicomImageDecoder.cpp DecodeLookupTable out-of-bounds (EUVD-2026-20926)
3 weeks ago
A vulnerability, which was classified as problematic, has been found in Orthanc DICOM Server up to 1.12.10. This affects the function DecodeLookupTable of the file DicomImageDecoder.cpp of the component Image Parser. Performing a manipulation results in out-of-bounds read.
This vulnerability is known as CVE-2026-5445. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-5959 | GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE 1.8.1 Factory Reset improper authentication (EUVD-2026-20928)
3 weeks ago
A vulnerability, which was classified as critical, has been found in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication.
This vulnerability is identified as CVE-2026-5959. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
vuldb.com
Submit #796310: npm OpenClaw <= 2026.4.1 Incorrect Authorization [Duplicate]
3 weeks ago
Submit #796310 / VDB-354113
kazamayc
Submit #796281: code-projects Vehicle Showroom Management System V1.0 SQL injection [Accepted]
3 weeks ago
Submit #796281 / VDB-356619
125hzb