863 matches found
CVE-2026-14777
A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...
CVE-2026-14777
SourceCodester Onlne Examination & Learning Management System 1.0 has a vulnerability in /announcements.php that allows unrestricted file upload. The issue arises from an unknown functionality path in announcements.php, enabling remote exploitation and has publicly available exploits. The CVE not...
CVE-2026-14777
A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...
The Gentlemen are knocking: сustom backdoors and evolving tactics
Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...
CVE-2026-11773
The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-11773 Masteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification
The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-11773
The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-39953
The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-11773
CVE-2026-11773 affects the Masteriyo LMS – LMS Course Builder, Quizzes & Certificates WordPress plugin (versions up to 2.2.1). The issue is an authorization bypass where the plugin fails to verify a user’s permission, enabling authenticated attackers with student-level access and above to modify ...
PT-2026-53050
Name of the Vulnerable Software and Affected Versions Masteriyo LMS – LMS Course Builder, Quizzes & Certificates versions prior to 2.2.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows...
Microsoft Azure 资源管理错误漏洞
Microsoft Azure is an open enterprise-level cloud computing platform provided by the American company Microsoft. There is a resource management vulnerability in Microsoft Azure. Currently, there is no information regarding this vulnerability. Please stay informed by following CNNVD or the vendor’...
EulerOS Virtualization 2.13.1 : avahi (EulerOS-SA-2026-2120)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, ...
Zephyr 安全漏洞
Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, caused by a bit offset issue. A remote attacker can set an unvalidated negative value of logannounceinterval by sending a specially crafted PTPMSGMANAGEMENT message...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Patrik Simek from Czech Republic. It allows running untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.2 have security vulnerabilities. There is currently no information regarding these...
Cribl 安全漏洞
Cribl is a log analysis tool. Versions of Cribl prior to 4.17.1 have security vulnerabilities. There is currently no information regarding these vulnerabilities. Please stay informed by following CNNVD or the vendor’s announcements...
Malicious code in apl-announcements (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f5e32781749c59464ed1f8d649c60102886b11838297e856aeaa3be42ed15f1 The package apl-announcements was found to contain malicious code...
MAL-2026-2728 Malicious code in apl-announcements (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f5e32781749c59464ed1f8d649c60102886b11838297e856aeaa3be42ed15f1 The package apl-announcements was found to contain malicious code...
The Dumbest Hack of the Year Exposed a Very Real Problem
Last April, a hacker hijacked crosswalk announcements to mimic Mark Zuckerberg and Elon Musk. Records obtained by WIRED reveal how unprepared local authorities were...
PT-2026-29104
Name of the Vulnerable Software and Affected Versions Docker Model Runner versions prior to 1.1.25 Docker Desktop versions prior to 4.67.0 Description The software contains a Server-Side Request Forgery SSRF issue within the OCI registry token exchange process. When retrieving a model, the softwa...
CVE-2026-32308
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...