
38654 matches found

CNNVD
added 2026/02/12 12:0 a.m. | 5 views

ClipBucket Code Issue Vulnerability

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to create video-sharing websites. Versions of ClipBucket prior to v5.5.3 had code vulnerabilities. These vulnerabilities stemmed from the remote playback feature, which allowed the creation...

CVSS: 5 | AI score: 5.9 | EPSS: 0.00233
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/12 12:0 a.m. | 5 views

PT-2026-7888

Name of the Vulnerable Software and Affected Versions: newbee-mall (affected versions not specified). Description: The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

CVSS: 9.3 | AI score: 5.4 | EPSS: 0.00191
Exploits: 1 | References: 6

OSV
added 2026/02/11 9:10 a.m. | 6 views

RLSA-2026:1226 Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.0068
Exploits: 0 | References: 4

CNNVD
added 2026/02/11 12:0 a.m. | 5 views

set-in Security Vulnerability

set-in is a JavaScript library developed by Mikey personally. Versions of set-in 2.0.1 to 2.0.5 had security vulnerabilities due to insufficient input validation. These vulnerabilities could allow for attacks through specially crafted input that contaminated the Object.prototype prototype, leadin...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00461
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/11 12:0 a.m. | 14 views

PT-2026-7658

Name of the Vulnerable Software and Affected Versions: XWEB Pro versions prior to 1.12.1; MSHTML (affected versions not specified). Description: An OS command injection issue exists in XWEB Pro, allowing a user with network access to execute code remotely by injecting malicious input into the request...

CVSS: 8.8 | AI score: 6 | EPSS: 0.01489
Exploits: 0 | References: 10

HackRead
added 2026/02/10 3:47 p.m. | 4 views

New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims

Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying...

AI score: 5.5
Exploits: 0

NVD
added 2026/02/10 7:16 a.m. | 8 views

CVE-2026-2098

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVSS: 6.1 | EPSS: 0.00201
Exploits: 0 | References: 2

CVE
added 2026/02/10 7:6 a.m. | 15 views

CVE-2026-2098

AgentFlow (Flowring) CVE-2026-2098 describes a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to run arbitrary JavaScript in a user’s browser via phishing. The entry specifies network attack vector, low attack complexity, and user interaction required (a...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00201
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/02/10 12:0 a.m. | 4 views

Microsoft Azure DevOps Server Code Issue Vulnerability

Microsoft Azure DevOps Server is a software development collaboration tool provided by the American company Microsoft. This product includes features such as shared code, work tracking, and software release management. There are code-related vulnerabilities in Microsoft Azure DevOps Server...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00961
Exploits: 0 | References: 1

CNNVD
added 2026/02/10 12:0 a.m. | 7 views

Microsoft NTLM Security Vulnerability

Microsoft NTLM is an authentication protocol used by Microsoft on networks that include systems running the Windows operating system, as well as standalone systems. There are security vulnerabilities in Microsoft NTLM. Attackers exploit these vulnerabilities to carry out phishing attacks. The...

CVSS: 3.3 | AI score: 5.8 | EPSS: 0.11356
Exploits: 0 | References: 1

CNNVD
added 2026/02/10 12:0 a.m. | 6 views

Microsoft Outlook Information Disclosure Vulnerability

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Outlook. The vulnerability stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to conduc...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01425
Exploits: 0 | References: 1

CNNVD
added 2026/02/10 12:0 a.m. | 4 views

SAP BusinessObjects Enterprise Cross-Site Scripting Vulnerability

SAP BusinessObjects Enterprise is a business intelligence platform developed by the German company SAP. SAP BusinessObjects Enterprise has a cross-site scripting vulnerability, which stems from insufficient user-controlled input encoding. This vulnerability may lead to storage-based cross-site...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00185
Exploits: 0 | References: 3

CNNVD
added 2026/02/10 12:0 a.m. | 6 views

Microsoft Azure HDInsight Cross-Site Scripting Vulnerability

Microsoft Azure HDInsight is a hosted cluster platform provided by Microsoft Corporation, offering managed, full-spectrum, open-source cloud analysis services for businesses. Microsoft Azure HDInsight has a cross-site scripting vulnerability. Attackers utilize this vulnerability to carry out...

CVSS: 5.7 | AI score: 5.6 | EPSS: 0.00622
Exploits: 0 | References: 1

CNNVD
added 2026/02/10 12:0 a.m. | 5 views

Microsoft Outlook Code Issue Vulnerability

Microsoft Outlook is an email application developed by the American company Microsoft. There are code-related vulnerabilities in Microsoft Outlook. Attackers utilize these vulnerabilities to carry out deceptive attacks. The following products and versions are affected: Microsoft Office LTSC 2021...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.03635
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/09 3:16 a.m. | 4 views

CVE-2025-66602

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are ...

CVSS: 6.9 | AI score: 5.3 | EPSS: 0.00302
Exploits: 0 | References: 1

Tenable Nessus
added 2026/02/09 12:0 a.m. | 9 views

Shor's Harvest Now Decrypt Later

This plugin reports network services that may be vulnerable now to a future attack by adversaries using a cryptographically relevant quantum computer (CRQC). Shor's is a theoretical algorithm that leverages the unique ability of quantum computation to do massively parallel calculations developed by...

AI score: 5.7
Exploits: 0 | References: 1

Packet Storm News
added 2026/02/09 12:0 a.m. | 5 views

Reverse Online Guessing Attacks on PAKE Protocols

Though not yet widely deployed, password-authenticated key exchange (PAKE) protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they do not require a public-key infrastructure (PKI), making the...

AI score: 5.6
Exploits: 0

CNNVD
added 2026/02/09 12:0 a.m. | 3 views

Yokogawa FAST/TOOLS Security Vulnerability

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 to R10.04 versions. These vulnerabilities stem from the Web server’s acceptance of IP address access;...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00302
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/08 12:0 a.m. | 8 views

PT-2026-7006

Name of the Vulnerable Software and Affected Versions: code-projects Contact Management System version 1.0. Description: A security flaw exists in the Contact Management System. The issue involves improper authentication due to manipulation of the ID argument within the CRUD Endpoint component. This...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00563
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/08 12:0 a.m. | 8 views

PT-2026-6984

Name of the Vulnerable Software and Affected Versions: Tenda RX3 version 16.03.13.11. Description: A stack-based buffer overflow exists in the set qosMib list function located in the /goform/formSetQosBand file. Manipulation of arguments to this function can trigger the overflow, allowing for remote...

CVSS: 9 | AI score: 5.8 | EPSS: 0.00817
Exploits: 1 | References: 11