Aggregator

CVE-2026-11534 | imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46 /add.php name/address/fname cross site scripting (EUVD-2026-35132)

Vuldb Updates
2 weeks 1 day ago
A vulnerability described as problematic has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. This vulnerability is known as CVE-2026-11534. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-25855 | openbullet2 up to 0.3.2 FileProxySource Proxy Loading Feature bat.ps1.sh os command injection (EUVD-2026-35134)

Vuldb Updates
2 weeks 1 day ago
A vulnerability identified as critical has been detected in openbullet2 up to 0.3.2. This vulnerability affects unknown code of the file bat.ps1.sh of the component FileProxySource Proxy Loading Feature. Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-25855. The attack may be initiated remotely. There is no available exploit.
vuldb.com

Meta claims NSO Group still targets WhatsApp users despite court order

Help Net Security
2 weeks 1 day ago

Meta claims it disrupted spear-phishing attempts linked to NSO Group and is asking a US federal court to hold the spyware vendor in contempt for allegedly violating an injunction that bars it from targeting WhatsApp and its users. “We successfully disrupted NSO-linked social engineering attempts after investigating user reports,” Meta stated. “They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click … More →

The post Meta claims NSO Group still targets WhatsApp users despite court order appeared first on Help Net Security.

Sinisa Markovic

CVE-2026-44631 | Apache HTTP Server up to 2.4.67 ap_regname heap-based overflow (EUVD-2026-35095)

Vuldb Updates
2 weeks 1 day ago
A vulnerability classified as critical has been found in Apache HTTP Server up to 2.4.67. This vulnerability affects the function ap_regname. Performing a manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-44631. The attack requires a local approach. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-49756 | wojtekmach req up to 0.5.x lib/req/utils.ex crlf injection (EUVD-2026-35096)

Vuldb Updates
2 weeks 1 day ago
A vulnerability marked as critical has been reported in wojtekmach req up to 0.5.x. The impacted element is an unknown function in the library lib/req/utils.ex. The manipulation leads to crlf injection. This vulnerability is listed as CVE-2026-49756. The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-34355 | Apache HTTP Server up to 2.4.67 mod_proxy_html buffer overflow (EUVD-2026-35097)

Vuldb Updates
2 weeks 1 day ago
A vulnerability was found in Apache HTTP Server up to 2.4.67. It has been classified as critical. The affected element is an unknown function of the component mod_proxy_html. This manipulation causes buffer overflow. The identification of this vulnerability is CVE-2026-34355. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-42536 | Apache HTTP Server up to 2.4.67 mod_xml2enc heap-based overflow (EUVD-2026-35100)

Vuldb Updates
2 weeks 1 day ago
A vulnerability categorized as critical has been discovered in Apache HTTP Server up to 2.4.67. This impacts an unknown function of the component mod_xml2enc. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is tracked as CVE-2026-42536. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-44185 | Apache HTTP Server up to 2.4.67 mod_ssl send_request stack-based overflow (EUVD-2026-35099)

Vuldb Updates
2 weeks 1 day ago
A vulnerability marked as critical has been reported in Apache HTTP Server up to 2.4.67. Affected by this issue is the function send_request of the component mod_ssl. This manipulation causes stack-based buffer overflow. This vulnerability is registered as CVE-2026-44185. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-49755 | wojtekmach req up to 0.6.0 lib/req/steps.ex data amplification (EUVD-2026-35098)

Vuldb Updates
2 weeks 1 day ago
A vulnerability labeled as problematic has been found in wojtekmach req up to 0.6.0. The affected element is an unknown function in the library lib/req/steps.ex. Executing a manipulation can lead to highly compressed data. This vulnerability is tracked as CVE-2026-49755. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2026-11529 | designcomputer mysql-mcp-server up to 0.2.2 mysql URI server.py read_resource uri_str sql injection (Issue 89 / EUVD-2026-35108)

Vuldb Updates
2 weeks 1 day ago
A vulnerability was found in designcomputer mysql-mcp-server up to 0.2.2. It has been rated as critical. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. This vulnerability is registered as CVE-2026-11529. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Upgrading the affected component is advised.
vuldb.com

Managed ad