189 matches found
CVE-2026-9394 Besen BS20 EV Charging Station Bluetooth Low Energy weak password
A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...
CVE-2026-8233
A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was...
CVE-2026-22828
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large...
sql-injection-corpus
SQL Injection Corpus - User Guide Overview This corpus con...
What Makes a Good LLM Agent for Real-World Penetration Testing?
LLM-based agents show promise for automating penetration testing, yet reported performance varies widely across systems and benchmarks. We analyze 28 LLM-based penetration testing systems and evaluate five representative implementations across three benchmarks of increasing complexity. Our analys...
CVE-2026-2220
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...
CVE-2026-2220
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...
CVE-2026-2220
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...
CVE-2026-2220 code-projects Online Reviewer System btn_functions.php sql injection
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...
CVE-2026-2220
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...
CVE-2026-2220 code-projects Online Reviewer System btn_functions.php sql injection
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...
CVE-2026-2198 code-projects Online Reviewer System loaddata.php sql injection
A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficultyid leads to sql injection. It is possible to launch the attack...
CVE-2026-2198 code-projects Online Reviewer System loaddata.php sql injection
A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficultyid leads to sql injection. It is possible to launch the attack...
CVE-2026-2198
A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficultyid leads to sql injection. It is possible to launch the attack...
Code-Projects Online Reviewer System SQL注入漏洞
The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the difficultyid parameter in the...
PT-2026-7073
Name of the Vulnerable Software and Affected Versions code-projects Online Reviewer System version 1.0 Description A flaw exists in code-projects Online Reviewer System that allows for SQL injection. This occurs due to manipulation of the difficulty id argument within an unknown function of the...
Code-Projects Online Reviewer System SQL注入漏洞
The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter difficultyid in...
CVE-2025-13499
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widesprea...
Incentive Attacks in BTC: Short-Term Revenue Changes and Long-Term Efficiencies
Bitcoin's BTC Difficulty Adjustment Algorithm DAA has been a source of vulnerability for incentive attacks such as selfish mining, block withholding and coin hopping strategies. In this paper, first, we rigorously study the short-term revenue change per hashpower of the adversarial and honest...
PACEbench: A Framework for Evaluating Practical AI Cyber-Exploitation Capabilities
The increasing autonomy of Large Language Models LLMs necessitates a rigorous evaluation of their potential to aid in cyber offense. Existing benchmarks often lack real-world complexity and are thus unable to accurately assess LLMs' cybersecurity capabilities. To address this gap, we introduce...