345 matches found
Internet Starts to Return in Iran After 3-Month Blackout
Some internet connectivity is returning in Iran after nearly 90 days offline, web monitoring groups say. But it isn’t clear if the reconnection is permanent...
Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month
Anthropic says its Claude Mythos AI identified more than 10,000 software vulnerabilities in one month, including critical flaws in open-source code...
Unity Linux 20.1060e / 20.1070e Security Update: apr (UTSA-2026-016610)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016610 advisory. When aprtimeexp or aprosexptime functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be...
CVE-2026-6148
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCHID results in sql injection. The attack is possibl...
CVE-2026-6148
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCHID results in sql injection. The attack is possibl...
CVE-2026-6148 code-projects Vehicle Showroom Management System MonthTotalReportUpdateFunction.php sql injection
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCHID results in sql injection. The attack is possibl...
CVE-2026-6148 code-projects Vehicle Showroom Management System MonthTotalReportUpdateFunction.php sql injection
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCHID results in sql injection. The attack is possibl...
Code-Projects Vehicle Showroom Management System SQL注入漏洞
The Code-Projects Vehicle Showroom Management System is an open-source vehicle exhibition hall management system developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from improper handling...
PT-2026-28099
What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month. BentoML 8.2k CVE-2026-27905 HIGH SillyTavern 24.6k CVE-2026-26286 HIGH Plane 28.2k CVE-2026-27705 MEDIUM NocoDB 46.4k CVE-2026-28399 MEDIUM Mautic 8.4k CVE-2026-3105 HIGH File Browser 27.9k CVE-2026-28492...
PT-2026-28103
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str eval function in notification handler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co names of the...
PT-2026-28104
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.3-rc1 Description An Insecure Direct Object Reference IDOR exists in the 'PUT /api/keys' endpoint. Due to the use of the JavaScript object spread operator after setting the authenticated user's ID, an...
PT-2026-28097
What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month. BentoML 8.2k CVE-2026-27905 HIGH SillyTavern 24.6k CVE-2026-26286 HIGH Plane 28.2k CVE-2026-27705 MEDIUM NocoDB 46.4k CVE-2026-28399 MEDIUM Mautic 8.4k CVE-2026-3105 HIGH File Browser 27.9k CVE-2026-28492...
New Search Experience for Veeam Data Cloud for Microsoft 365
Purpose We are excited to announce the initial rollout of our new search feature, designed to significantly improve the speed and efficiency of your search experience. Below are the details and important limitations to be aware of during this phased rollout. What's New Faster Search Experience Ou...
EUVD-2019-19766
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...
CVE-2019-25473
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...
CVE-2019-25473
CVE-2019-25473 affects Clinic Pro via SQL injection on the monthly_expense_overview endpoint, exploitable by authenticated users through the month parameter. Root cause: improper input handling enabling boolean/time-based/error-based SQL injection. Impact: confidentiality impact HIGH; integrity L...
CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...
CVE-2019-25473
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...
PT-2026-24963
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly expense overview endpoint with crafted month values using boolean-based blind,...
Softweb Clinic Pro SQL注入漏洞
Softweb Clinic Pro is a clinic management system developed by the British company Softweb. Softweb Clinic Pro has a SQL injection vulnerability; this vulnerability stems from the SQL injection in the month parameter, which could allow authenticated attackers to manipulate database queries and...