12 matches found
PT-2026-41345
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login userid parameter of login.php that allow unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...
Deserialization of Untrusted Data
Overview: langchain-core is a package for building applications with LLMs through composability. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the dumps and dumpd functions when user-controlled data containing the lc key is serialized and later deserialized. This key...
PT-2025-33747
Name of the Vulnerable Software and Affected Versions: EzGED3 versions prior to 3.5.72.27183. Description: EzGED3 is susceptible to an unauthenticated arbitrary file read issue stemming from inadequate access control and insufficient input validation within a web-accessible script. An attacker can...
CVE-2025-8714
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected...
SUSE CVE-2022-3650
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information...
Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34...
Torguard VPN Security Vulnerability
Torguard VPN is an anonymous VPN, proxy and email service from Torguard. Torguard VPN version 4.8 suffers from a security vulnerability that allows an attacker to dump sensitive information without administrator privileges...
A week in security (December 10 – 16)
Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. Other cybersecurity news: Millions affected by Facebook photo API bug: An issue granted third-party apps more acce...
Election Leaks Failed to Move Needle on Polls
The barrage of information leaks, state-sponsored espionage and hacktivism related to the U.S. presidential election has had a mixed bag of effects on the race and voter confidence. For the most part, attacks against organizations supporting both major political parties, extensive email leaks and...
Yahoo Investigates 200 Million Alleged Accounts For Sale On Dark Web
Yahoo says it is investigating reports of 200 million user credentials advertised for sale on the Dark Web by a hacker that goes by the handle “peaceofmind”. The Yahoo credentials, according to the site listing the database for sale, include usernames, passwords hashed using the MD5 algorithm,...
Got Pwned? PwnedList.com Knows
With more and more victims of identity theft minted every day, figuring out if you’re one of the unlucky masses with a leaked email password is yeoman’s work. Now one security researcher is trying to make it easy with PwnedList.com, a Web site that collects leaked and stolen data, then tells...
Anonymous Antisec leaks Zimbabwe, Australia and Brazil governments data dumps
Anonymous Hackers have published a mass of data including passwords that appears to have been stolen from the governments of Brazil, Zimbabwe, Australia and the Caribbean island Anguilla. One of the files released via...