Submit #795166: Anuj Kumar Beauty Parlour Management System 1.1 SQL Injection [Duplicate]
Submit #795166 / VDB-309059
Aggregator
113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs
3 weeks ago
MyLovely.AI, an AI girlfriend platform, suffered a data breach that exposed over 100,000 users. MyLovely.AI allows people to create personalized not safe for work (NSFW) content and engage in real-time conversations with AI-generated companions, often involving highly personal prompts and interactions. According to Have I Been Pwned, the breach exposed email addresses, user-created prompts, links to the resulting AI-generated images, and a limited number of social media profiles, including Discord and X usernames. Based on … More →
The post 113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs appeared first on Help Net Security.
Sinisa Markovic
Submit #794658: codeastro Online Classroom V1.0 SQL Injection [Accepted]
3 weeks ago
Submit #794658 / VDB-356566
hackint
Submit #794657: codeastro Online Classroom V1.0 SQL Injection [Duplicate]
3 weeks ago
Submit #794657 / VDB-355348
hackint
Akira
3 weeks ago
You must login to view this content
cohenido
Akira
3 weeks ago
You must login to view this content
cohenido
Akira
3 weeks ago
You must login to view this content
cohenido
Masjesu botnet targets IoT devices while evading high-profile networks
3 weeks ago
Masjesu is a stealthy DDoS-for-hire botnet targeting IoT devices, active since 2023 and designed to stay hidden by avoiding high-profile networks. Masjesu is a stealthy botnet active since 2023, advertised as a DDoS-for-hire service. It targets IoT devices like routers and gateways, spanning multiple architectures. Designed for persistence, it executes carefully, avoiding high-profile IP ranges […]
Pierluigi Paganini
When All Else Fails: PowerShell Reflective Assembly Loading
3 weeks ago
by Ian Briley Sometimes an older trick is the only trick that will work for you on an engagement. Case in point, recently I was on an engagement, where if […]
Red Siege
Tool – EyeWitness
3 weeks ago
by Jason Downey EyeWitness: Because Nobody Has Time to Visit 500 URLs Every pentest has that moment during recon where you’ve got a list of web servers a mile long […]
Red Siege
When attackers already have the keys, MFA is just another door to open
3 weeks ago
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]
Sponsored by Token
Хакеры стали работать быстрее вашей техподдержки. На полный захват сети у них теперь уходит меньше суток
3 weeks ago
Даже минутная задержка теперь приводит к непоправимым последствиям.
Bitcoin Depot Reports $3.6m Crypto Theft After System Breach
3 weeks ago
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
CVE-2026-31790 | OpenSSL up to 3.0.19/3.3.6/3.4.4/3.5.5/3.6.1 RSA KEM RSASVE Encapsulation RSA_public_encrypt uninitialized pointer (EUVD-2026-19969 / Nessus ID 305682)
3 weeks ago
A vulnerability was found in OpenSSL up to 3.0.19/3.3.6/3.4.4/3.5.5/3.6.1. It has been declared as problematic. The affected element is the function RSA_public_encrypt of the component RSA KEM RSASVE Encapsulation. Executing a manipulation can lead to uninitialized pointer.
This vulnerability is registered as CVE-2026-31790. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-31789 | OpenSSL up to 3.0.19/3.3.6/3.4.4/3.5.5/3.6.1 Hexadecimal Conversion heap-based overflow (EUVD-2026-19968 / Nessus ID 305682)
3 weeks ago
A vulnerability described as critical has been identified in OpenSSL up to 3.0.19/3.3.6/3.4.4/3.5.5/3.6.1. Affected by this issue is some unknown functionality of the component Hexadecimal Conversion Handler. Executing a manipulation can lead to heap-based buffer overflow.
This vulnerability is handled as CVE-2026-31789. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-28388 | OpenSSL up to 3.6.1 Delta CRL null pointer dereference (EUVD-2026-19962 / Nessus ID 305682)
3 weeks ago
A vulnerability identified as problematic has been detected in OpenSSL up to 3.6.1. This impacts an unknown function of the component Delta CRL Handler. This manipulation causes null pointer dereference.
This vulnerability appears as CVE-2026-28388. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2026-28389 | OpenSSL up to 3.6.1 CMS EnvelopedData Message CMS_decrypt null pointer dereference (EUVD-2026-19965 / Nessus ID 305682)
3 weeks ago
A vulnerability labeled as problematic has been found in OpenSSL up to 3.6.1. Affected is the function CMS_decrypt of the component CMS EnvelopedData Message Handler. Such manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2026-28389. The attack may be launched remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-28387 | OpenSSL up to 3.6.1 DANE Client Code use after free (EUVD-2026-19961 / Nessus ID 305682)
3 weeks ago
A vulnerability categorized as critical has been discovered in OpenSSL up to 3.6.1. This affects an unknown function of the component DANE Client Code. The manipulation results in use after free.
This vulnerability is reported as CVE-2026-28387. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
3 weeks ago
LayerX researchers have discovered how to bypass Claude Code’s safety rules using the CLAUDE.md file. This exploit allows…
Deeba Ahmed
APT73
3 weeks ago
You must login to view this content
cohenido