58 matches found
CVE-2026-7153
A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sysinfo results in OS command injection. The attack can b...
CVE-2025-11791
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186, Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
CVE-2026-28710
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
EUVD-2006-0382
Malware in sbrugna...
EUVD-2019-16080
Malware in sbrugna...
EUVD-2023-53327
Malicious code in bioql PyPI...
EUVD-2024-48663
Malicious code in bioql PyPI...
EUVD-2025-1488
Malicious code in bioql PyPI...
EUVD-2022-44484
Malicious code in bioql PyPI...
CVE-2024-49388
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 38690...
CVE-2023-44161
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 Linux, Windows before build 35979...
CAIN: Hijacking LLM-Humans Conversations Via a Two-Stage Malicious System Prompt Generation and Refining Framework
Large language models (LLMs) have advanced many applications, but are also known to be vulnerable to adversarial attacks. In this work, we introduce a novel security threat: hijacking AI-human conversations by manipulating LLMs' system prompts to produce malicious answers only to specific targeted...
AI-Powered Deception is a Menace to Our Societies
Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it’s said,...
CVE-2024-29723
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter...
ABB Cylon Aspect 3.08.01 (oosManagerAjax.php) Information Manipulation
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller suffers from an unauthenticated informatio...
CVE-2024-45877
baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock...
Apache StreamPark SQL Injection Vulnerability (CNVD-2024-35191)
Apache StreamPark is a streaming media application development framework from the Apache Foundation in the United States. Apache StreamPark suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in a back-end database...
F5 BIG-IP Next Central Manager SQL Injection Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A SQL injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited by an attacker to send crafted...
CVE-2024-23190
Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts...