38300 matches found
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from clickjacking or overlay attacks, potentially leading to local privilege escalation...
PT-2026-22504
Name of the Vulnerable Software and Affected Versions MaxSite CMS versions up to 109.1 Description A code injection issue exists in MaxSite CMS due to a flaw in the eval function within the file application/maxsite/admin/plugins/editor markitup/preview-ajax.php of the MarkItUp Preview AJAX Endpoi...
RedTeam-MCP
🔴 RedTeam-MCP AI-Powered Autonomous Red Team Framework vi...
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf , the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort " -- has coordinated a barrage of...
CVE-2026-25114
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in...
EUVD-2026-8949
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
EUVD-2026-8938
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-26305 Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
Chargemap 安全漏洞
Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, which stems from the lack of an authentication request limit on the WebSocket API. This vulnerability could lead to denial-of-service attacks or brute-force...
EV Energy 安全漏洞
EV Energy is an electric vehicle charging software platform operated by the British company EV Energy. There is a security vulnerability within EV Energy; this vulnerability stems from the lack of restrictions on the number of authentication requests, which could lead to denial-of-service attacks...
EV Energy 代码问题漏洞
EV Energy is a electric vehicle charging software platform operated by the British company EV Energy. There are code vulnerabilities within EV Energy; these vulnerabilities stem from the WebSocket backend, which uses charging station identifiers to uniquely associate sessions but allows multiple...
CloudCharge 安全漏洞
CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket Application Programming Interface. Thi...
Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking
Jailbreak techniques for large language models LLMs evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols. We introduce JAILBREAK FOUNDRY JBF, a system that addresses this gap via a...
CVE-2026-27449
Umbraco Engage (before versions 16.2.1 and 17.1.1) exposes certain API endpoints that do not enforce authentication or authorization. An unauthenticated user can query these endpoints directly (for example via an id parameter like ?id=) to enumerate and retrieve sensitive Engage data associated w...
How to understand and avoid Advanced Persistent Threats
By definition, an advanced persistent threat APT is a prolonged, targeted attack on a specific victim with the intention to compromise their system and gain information from or about that target. About a decade ago, the term was mostly used for state-sponsored threat actors. I used threat actors...
PT-2026-22240
Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacke...
Sub2API 安全漏洞
Sub2API is an API gateway platform developed by Wesley Liddick. Versions of Sub2API prior to 0.1.85 contained security vulnerabilities; these vulnerabilities were caused by password reset attacks, which could lead to account takeover...
CVE-2026-3100
CVE-2026-3100 affects ASUSTOR ADM FTP Backup running on Linux/x86/ARM (64‑bit). The issue is improper certificate validation in ADM FTP Backup, enabling sniffing attacks over the network. Affected versions are ADM 4.1.0–4.3.3.ROF1 and 5.0.0–5.1.2.RE51. The CVSS base score is 8.3 (HIGH) with netwo...
North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks
Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime...