Briefs

This brief focuses on detecting deletion actions within GitHub audit logs, specifically targeting the deletion of codespaces, environments, projects, and repositories, potentially indicating malicious activity or insider threats.

Totolink A8000RU version 7.1cu.643_b20200521 is vulnerable to OS command injection via manipulation of the `wifiOff` argument in the `setWiFiBasicCfg` function of the `/cgi-bin/cstecgi.cgi` CGI handler, allowing a remote attacker to execute arbitrary commands on the system.

A buffer overflow vulnerability in the D-Link DI-8100 router allows remote attackers to execute arbitrary code by manipulating the 'fn' argument in the tgfile_htm function of the CGI endpoint.

A critical OS command injection vulnerability (CVE-2026-7244) exists in the setWiFiEasyGuestCfg function of the /cgi-bin/cstecgi.cgi file in Totolink A8000RU version 7.1cu.643_b20200521, allowing remote attackers to execute arbitrary commands.

Multiple vulnerabilities in VMware Tanzu Spring Boot allow attackers to execute arbitrary code, bypass security measures, manipulate or disclose sensitive data, or hijack authenticated users.

Multiple vulnerabilities in Atlassian Bamboo, Bitbucket, Confluence, and Jira allow attackers to execute arbitrary code, bypass security measures, manipulate data, disclose information, or perform cross-site scripting attacks.

A path traversal vulnerability (CVE-2026-7237) exists in AgiFlow scaffold-mcp versions up to 1.0.27, allowing remote attackers to write to arbitrary files by manipulating the file_path argument in the write-to-file tool.

CVE-2026-7240 is a critical OS command injection vulnerability in the Totolink A8000RU router that allows remote attackers to execute arbitrary commands by manipulating the 'User' argument in the 'setVpnAccountCfg' function.

A path traversal vulnerability (CVE-2026-7234) exists in BrowserOperator browser-operator-core up to version 0.6.0, allowing remote attackers to read arbitrary files by manipulating the request.url argument in the startsWith function of scripts/component_server/server.js.

A remote buffer overflow vulnerability exists in Totolink N300RT 3.4.0-B20250430 via manipulation of the 'entry_name' argument in the /boafrm/formIpQoS file, potentially leading to arbitrary code execution.

A path traversal vulnerability exists in edvardlindelof notes-mcp up to version 0.1.4, affecting the notes_mcp.py file, allowing a remote attacker to access sensitive files by manipulating the `root_dir/path` argument.

A path traversal vulnerability (CVE-2026-7214) exists in eghuzefa's engineer-your-data up to version 0.1.3, allowing remote attackers to read or write arbitrary files by manipulating the WORKSPACE_PATH argument.

A path traversal vulnerability exists in the `search_papers` function of `src/main.py` in duartium papers-mcp-server version 9ceb3812a6458ba7922ca24a7406f8807bc55598, allowing remote attackers to read arbitrary files by manipulating the `topic` argument, with a public exploit available.

A SQL injection vulnerability exists in dubydu sqlite-mcp version 0.1.0 and earlier within the extract_to_json function allowing remote exploitation through manipulation of the output_filename argument.

A command injection vulnerability (CVE-2026-7211) exists in the GitSearchRequest function of dvladimirov MCP up to version 0.1.0, allowing a remote attacker to execute arbitrary commands by manipulating the repo_url or pattern argument.

A Google Workspace login attempt flagged as a potential attack by a government-backed threat actor, indicating potential privilege escalation, defense evasion, persistence, initial access, or impact.

A SQL injection vulnerability (CVE-2026-7199) exists in SourceCodester Pharmacy Sales and Inventory System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'ID' parameter in the `/ajax.php?action=delete_product` endpoint, potentially leading to data breach or system compromise.

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files by uploading a malicious tar archive containing symlinks, leading to arbitrary file write on the remote host.

Attackers can achieve persistence and privilege escalation on Linux systems by creating or modifying files in the /etc/sudoers.d/ directory to grant unauthorized users or groups sudo privileges.

Tenda HG3 2.0 is vulnerable to command injection; by manipulating the datasize argument in the formTracert function of the /boaform/formTracert file, a remote attacker can inject commands.

A critical arbitrary code execution vulnerability (CVE-2026-41635) exists in Apache MINA versions 2.0.0 through 2.0.27, 2.1.0 through 2.1.10, and 2.2.0 through 2.2.5 due to missing class validation in the AbstractIoBuffer.resolveClass() method, potentially allowing attackers to execute arbitrary code on applications using Apache MINA.

CVE-2026-7131 is a SQL injection vulnerability in code-projects Online Lot Reservation System up to version 1.0, affecting the /loginuser.php component via manipulation of the email/password arguments, which could allow remote attackers to execute arbitrary SQL queries.

BlueNoroff, a subgroup of the Lazarus Group, is targeting North American Web3 companies through spear-phishing campaigns, impersonating Fintech legal professionals.

A command injection vulnerability exists in tufantunc ssh-mcp up to version 1.5.0 via manipulation of the Description argument in the shell.write function.

A buffer overflow vulnerability in Tenda F456 version 1.0.0.5 allows remote attackers to execute arbitrary code via a crafted request to the fromWrlclientSet function in the /goform/WrlclientSet file of the httpd component.

SourceCodester Pharmacy Sales and Inventory System 1.0 is vulnerable to SQL injection by manipulating the ID argument in the /ajax.php?action=save_receiving file, allowing remote attackers to execute arbitrary SQL commands.

A buffer overflow vulnerability exists in Tenda F456 version 1.0.0.5 in the `fromGstDhcpSetSer` function, allowing remote attackers to execute arbitrary code by manipulating the 'dips' argument via a crafted HTTP request to `/goform/GstDhcpSetSer`.

A SQL injection vulnerability exists in itsourcecode Construction Management System version 1.0, affecting the processing of the /locations.php file, allowing a remote attacker to inject SQL commands by manipulating the 'address' argument, with a publicly available exploit.

A SQL injection vulnerability exists in CodePanda Source canteen_management_system version 1.0 within the /api/login.php file by manipulating the Username argument, allowing remote attackers to execute arbitrary SQL commands.

A SQL injection vulnerability exists in code-projects Inventory Management System 1.0 within the Login component, specifically affecting the Username argument, where a remote attacker can manipulate the Username parameter, leading to unauthorized data access or modification.