Low severity 2.4 · NVD Advisory · Published Mar 18, 2026 · Updated Apr 29, 2026
CVE-2026-4356
Description
A flaw has been found in itsourcecode University Management System 1.0. It affects an unknown function of the file /add_result.php. Manipulating the argument vr can lead to cross-site scripting. The attack can be launched remotely. The exploit has been published and may be used.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 5