News & Sicurezza

CVE ID :CVE-2026-5671 Published : April 6, 2026, 5:15 p.m. | 40 minutes ago Description :A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/delete_batch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument batch can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), ... Read more Published Date: Apr 06, 2026 (1 day ago) Vulnerabilities has been mentioned in this article. CVE-2026-35616

The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware Storm-1175 attack chain | Image: Microsoft A new report from Microsoft Threat Intelligence has exposured on Storm-1175, a financially motivated threat actor that has mastered the art of the high-veloc ... Read more Published Date: Apr 06, 2026 (1 day ago) Vulnerabilities has been mentioned in this article.

The Ninja’s Open Door: How a 9.8 CVSS Flaw Grants Hackers Full Control of 50,000 WordPress Sites In a major alert for the WordPress community, a critical security flaw has been disclosed in the Ninja Forms – File Upload plugin. The vulnerability, tracked as CVE-2026-0740, carries a CVSS score of ... Read more Published Date: Apr 06, 2026 (1 day ago) Vulnerabilities has been mentioned in this article.

A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Memory Corruption when handling power management requests with improperly sized input/output buffers.

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.