The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are […]
Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection […]
A vulnerability, which was classified as critical, has been found in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command injection.
This vulnerability is tracked as CVE-2026-8753. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls.
This vulnerability appears as CVE-2026-8752. The attack may be performed remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical has been found in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization.
This vulnerability is reported as CVE-2026-8751. The attack can be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability described as problematic has been identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure.
This vulnerability is documented as CVE-2026-8750. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability marked as critical has been reported in Supsystic Pricing Table 1.8.6/1.8.7. Affected by this vulnerability is the function getListForTbl of the component GET Parameter Handler. This manipulation of the argument sidx causes SQL injection.
This vulnerability is registered as CVE-2020-37243. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
A vulnerability labeled as problematic has been found in bloofoxCMS up to 0.5.2.1. Affected is an unknown function of the component Admin User Creation Endpoint. The manipulation results in cross-site request forgery.
This vulnerability is cataloged as CVE-2020-37241. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability identified as problematic has been detected in CMS Made Simple 2.2.15. This impacts an unknown function of the component SVG File Handler. The manipulation leads to cross-site scripting.
This vulnerability is listed as CVE-2020-37238. The attack may be initiated remotely. In addition, an exploit is available.
A vulnerability categorized as problematic has been discovered in Wplearnmanager WP Learn Manager 1.1.2. This affects the function jslm_fieldordering of the component Field Ordering Interface. Executing a manipulation of the argument ordering can lead to cross-site scripting.
This vulnerability is tracked as CVE-2021-47975. The attack can be launched remotely. Moreover, an exploit is present.
A vulnerability was found in Supsystic Digital Publications 1.6.9. It has been rated as critical. The impacted element is an unknown function. Performing a manipulation results in path traversal.
This vulnerability is identified as CVE-2020-37245. The attack can be initiated remotely. Additionally, an exploit exists.