CVE-2026-2543 vichan-devel vichan Password Change pages.php unverified password change

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. T...

buffer-overflow-lab

💥 Buffer Overflow Lab Educational lab for learning buffer ove...

Kernel-Exploitation

Ke...

[SECURITY] Fedora 43 Update: linux-sgx-2.26-34.fc43

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++...

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019,...

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

The Rise of AI Agent Communities: Large-Scale Analysis of Discourse and Interaction on Moltbook

Moltbook is a Reddit-like social platform where AI agents create posts and interact with other agents through comments and replies, offering a real-world setting to examine agent-to-agent communication at scale. Using a public API snapshot collected about five days after launch 122,438 posts, we...

GHSA-P773-8MF4-RJM5 @farmfe/core is Missing Origin Validation in WebSocket

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

Exploit for CVE-2026-20841

Purpose The purpose of this work is to investigate the RCE vul...

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

PT-2026-7857

Name of the Vulnerable Software and Affected Versions @farmfe/core versions prior to 1.7.6 Description The development server does not validate the origin when establishing WebSocket connections. This allows attackers to monitor developers using Farm who visit a malicious webpage and potentially...

CVE-2026-21528

Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

CVE-2026-21353

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

[SECURITY] Fedora 42 Update: tbtools-0.7.0-2.fc42

This is a collection of tools for Linux Thunderbolt/USB4 development, debuggi ng and validation but may be useful to others as well...

Best Tools for Test Data Management to Accelerate QA Teams in 2026

Test Data Management tools for 2026 ranked for QA and DevOps teams, comparing speed, self service, masking, CI/CD fit, and enterprise readiness...

CVE-2026-21355

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...

CVE-2026-21353

The CVE-2026-21353 issue affects DNG SDK versions 1.7.1 ≤ 2410 and earlier. The root cause is an Integer Overflow or Wraparound (CWE-190) in the SDK, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. ...