News & Sicurezza

CVE ID :CVE-2026-5041 Published : March 29, 2026, 10:15 a.m. | 3 hours, 37 minutes ago Description :A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. Severity: 5.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5037 Published : March 29, 2026, 9:15 a.m. | 2 hours, 37 minutes ago Description :A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

CVE ID :CVE-2026-5036 Published : March 29, 2026, 8:15 a.m. | 3 hours, 37 minutes ago Description :A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. Severity: 9.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Week in review: NIST updates DNS security guidance, compromised LiteLLM PyPI packages Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST updates its DNS security guidance for the first time in over a decade DNS infrastructure underpin ... Read more Published Date: Mar 29, 2026 (2 days ago) Vulnerabilities has been mentioned in this article. CVE-2026-33634 CVE-2026-3055 CVE-2026-33017 CVE-2026-21992 CVE-2025-53521

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE ID :CVE-2026-5035 Published : March 29, 2026, 7:15 a.m. | 4 hours, 37 minutes ago Description :A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Hackers Probe Citrix NetScaler Instances Ahead of Likely CVE-2026-3055 Exploitation Cybersecurity researchers are sounding the alarm over imminent in-the-wild exploitation of a recently disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligen ... Read more Published Date: Mar 29, 2026 (1 day, 23 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-3055

CISA Issues Three-Days Patch Mandate for Critical 9.8 F5 BIG-IP RCE The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical Remote Code Execution (RCE) vulnerability affecting F5 BIG-IP systems to its Known Exploited Vulnerabilities ... Read more Published Date: Mar 29, 2026 (1 day, 22 hours ago) Vulnerabilities has been mentioned in this article. CVE-2025-40551 CVE-2025-53521 CVE-2025-27915

A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

CVE ID :CVE-2026-5034 Published : March 29, 2026, 6:16 a.m. | 5 hours, 37 minutes ago Description :A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.