
38653 matches found

CVE
added 2026/02/17 11:35 a.m., 8 views

CVE-2026-2247

CVE-2026-2247 describes an SQL injection in Clicldeu SaaS during report generation via the mobile app’s Day-to-day section. The vulnerability arises when a previously authenticated remote attacker uses a malicious payload in the URL generated after downloading a student’s report card, with the PD...

8.3 CVSS, 5.9 AI score, 0.00248 EPSS
Exploits 0, References 1

Packet Storm News
added 2026/02/16 12:0 a.m., 8 views

Intellicise Wireless Networks Meet Agentic AI: A Security and Privacy Perspective

Intellicise (Intelligent and Concise) wireless network is the main direction of the evolution of future mobile communication systems, a perspective now widely acknowledged across academia and industry. As a key technology within it, Agentic AI has garnered growing attention due to its advanced...

5.6 AI score
Exploits 0

CNNVD
added 2026/02/16 12:0 a.m., 7 views

LibrarySystem Access Control Error Vulnerability

LibrarySystem is a book management system developed by Walton’s individual developers. Versions of LibrarySystem prior to 1.1.1 contained an access control vulnerability. This vulnerability stemmed from improper access control in the BookController.java file, which could lead to remote attacks...

7.5 CVSS, 7.2 AI score, 0.00278 EPSS
Exploits 0, References 5

CNNVD
added 2026/02/16 12:0 a.m., 7 views

Notepad2 Code Issue Vulnerability

Notepad2 is a text editor developed by Florian Balmer. Versions 4.2.22, 4.2.23, 4.2.24, and 4.2.25 of Notepad2 have code vulnerabilities. These vulnerabilities stem from an uncontrolled search path in the Msimg32.dll library, which could lead to local attacks...

7.3 CVSS, 7.2 AI score, 0.00157 EPSS
Exploits 0, References 4

CNNVD
added 2026/02/16 12:0 a.m., 6 views

JeecgBoot Code Issue Vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.1 of JeecgBoot contains a code vulnerability. This vulnerability stems from a deserialization issue in the importDocumentFromZip function of the component in the file...

7.5 CVSS, 6 AI score, 0.0031 EPSS
Exploits 1, References 5

CNNVD
added 2026/02/16 12:0 a.m., 5 views

Total VPN Code Issue Vulnerability

Total VPN is a virtual private network service software provided by the American company Total VPN. Version 0.5.29.0 of Total VPN has a code vulnerability. This vulnerability stems from an issue with search paths in the file C:\Program Files\Total VPN\win-service.exe that are not enclosed in quotati...

7.3 CVSS, 7.1 AI score, 0.00157 EPSS
Exploits 0, References 4

CNNVD
added 2026/02/16 12:0 a.m., 5 views

cskefu (Chunsong Customer Service) Cross-Site Scripting Vulnerability

cskefu (Chunsong Customer Service) is an open-source, free intelligent customer service system developed by Chatopera in China. Versions of cskefu prior to 8.0.1 contained a cross-site scripting vulnerability. This vulnerability originated from a cross-site scripting issue in the Upload function of...

5.4 CVSS, 5.6 AI score, 0.00224 EPSS
Exploits 1, References 4

Packet Storm News
added 2026/02/16 12:0 a.m., 4 views

Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks

As the capabilities of large language models continue to advance, so does their potential for misuse. While closed-source models typically rely on external defenses, open-weight models must primarily depend on internal safeguards to mitigate harmful behavior. Prior red-teaming research has largel...

5.6 AI score
Exploits 0

CVE
added 2026/02/15 11:3 a.m., 10 views

CVE-2026-2540

The CVE-2026-2540 entry describes a flaw in the Micca KE700 system where flawed resynchronization logic allows replay of previously captured codes in a specific sequence. This enables the system to accept stale rolling codes, potentially executing a command and cloning the alarm key, which could ...

8.4 CVSS, 5.5 AI score, 0.00208 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/02/15 12:0 a.m., 10 views

PT-2026-8235

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used stale rolling codes and execute a command...

8.4 CVSS, 5.5 AI score, 0.00208 EPSS
Exploits 0, References 2

CNNVD
added 2026/02/15 12:0 a.m., 5 views

Micca KE700 Security Vulnerability

The Micca KE700 is a source bookshelf speaker from the Micca company. The Micca KE700 has a security vulnerability, which stems from a flaw in the logic for resynchronization. This vulnerability could lead to replay attacks, allowing attackers to clone alarm keys and gain unauthorized access to...

8.4 CVSS, 5.8 AI score, 0.00208 EPSS
Exploits 0, References 1

CNNVD
added 2026/02/15 12:0 a.m., 7 views

Unidocs ezPDF DRM Reader and Unidocs ezPDF Reader Code Issue Vulnerability

Unidocs ezPDF DRM Reader and Unidocs ezPDF Reader are PDF readers developed by Unidocs, a company from South Korea. There are code vulnerabilities in Unidocs ezPDF DRM Reader and Unidocs ezPDF Reader 2.0, as well as Unidocs ezPDF Reader 3.0.0.4. These vulnerabilities stem from uncontrolled search...

7.3 CVSS, 7.2 AI score, 0.00115 EPSS
Exploits 0, References 4

Packet Storm News
added 2026/02/14 12:0 a.m., 3 views

Assessing Cybersecurity Risks and Traffic Impact in Connected Autonomous Vehicles

Given the promising future of autonomous vehicles, it is foreseeable that self-driving cars will soon emerge as the predominant mode of transportation. While autonomous vehicles offer enhanced efficiency, they remain vulnerable to external attacks. In this research, we sought to investigate the...

5.6 AI score
Exploits 0

CNNVD
added 2026/02/14 12:0 a.m., 5 views

WordPress plugin MailChimp Campaigns Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3 CVSS, 5.8 AI score, 0.00287 EPSS
Exploits 0, References 3

OSV
added 2026/02/13 8:52 p.m., 4 views

GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI

Impact: A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches: The default behaviour has been changed in...

8.1 CVSS, 5.3 AI score, 0.00799 EPSS
Exploits 1, References 10

RedhatCVE
added 2026/02/13 7:18 p.m., 4 views

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3 CVSS, 5.5 AI score, 0.00191 EPSS
Exploits 1, References 1

Vulnrichment
added 2026/02/12 6:39 p.m., 4 views

CVE-2026-26219 newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3 CVSS, 5.5 AI score, 0.00191 EPSS
Exploits 1, References 2

Qualys Blog
added 2026/02/12 7:36 a.m., 9 views

Active Directory Attacks Demystified: Pass-the-Hash (PtH), Pass-the-Ticket (PtT), and Beyond

Key Takeaways: Active Directory attacks are identified as a significant threat in enterprise environments, with 74% of breaches involving compromised identities according to the Verizon DBIR 2025. Pass-the-Hash (PtH) attacks facilitate lateral movement by allowing the reuse of stolen NTLM hashes...

5.7 AI score
Exploits 0

The Hacker News
added 2026/02/12 5:39 a.m., 29 views

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyl...

8.8 CVSS, 8.9 AI score, 0.22359 EPSS
Exploits 16

CNNVD
added 2026/02/12 12:0 a.m., 5 views

ClipBucket Code Issue Vulnerability

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to create video-sharing websites. Versions of ClipBucket prior to v5.5.3 had code vulnerabilities. These vulnerabilities stemmed from the remote playback feature, which allowed the creation...

5 CVSS, 5.9 AI score, 0.00233 EPSS
Exploits 1, References 2