
15529 matches found

Vulnrichment
added 2026/04/22 7:45 a.m., views: 1

CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

CVSS 6.4, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 5

RedHat Linux
added 2026/04/22 7:39 a.m., views: 5

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

CVSS 8.8, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 6

Positive Technologies
added 2026/04/22 12:00 a.m., views: 2

PT-2026-34283

Name of the Vulnerable Software and Affected Versions: Twittee Text Tweet versions prior to 1.0.9. Description: Insufficient input sanitization and output escaping in the ttt twittee tweeter function allow authenticated attackers with Contributor-level access and above to inject arbitrary web script...

CVSS 6.4, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 8

Packet Storm News
added 2026/04/22 12:00 a.m., views: 4

Text Steganography with Dynamic Codebook and Multimodal Large Language Model

With the popularity of large language models (LLMs), text steganography has achieved remarkable performance. However, existing methods still have some issues: (1) For the white-box paradigm, this steganography behavior is prone to exposure due to sharing the off-the-shelf language model between...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/04/22 12:00 a.m., views: 3

PT-2026-34302

Name of the Vulnerable Software and Affected Versions: Text Snippets versions prior to 0.0.2. Description: The Text Snippets plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied attributes within th...

CVSS 6.4, AI score 6, EPSS 0.00012
Exploits: 0, References: 7

CNNVD
added 2026/04/22 12:00 a.m., views: 6

WordPress plugin Text Snippets cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 1

Packet Storm News
added 2026/04/22 12:00 a.m., views: 4

Adaptive Instruction Composition for Automated LLM Red-Teaming

Many approaches to LLM red-teaming leverage an attacker LLM to discover jailbreaks against a target. Several of them task the attacker with identifying effective strategies through trial and error, resulting in a semantically limited range of successes. Another approach discovers diverse attacks ...

AI score 5.4
Exploits: 0

Vulnrichment
added 2026/04/21 8:30 p.m., views: 2

CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

CVSS 5.3, AI score 5.5, EPSS 0.00014
Exploits: 0, References: 3

RedHat Linux
added 2026/04/21 3:10 p.m., views: 1

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

CVSS 8.8, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 6

Krebs on Security
added 2026/04/21 2:53 p.m., views: 4

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group...

AI score 5.7
Exploits: 0

OSV
added 2026/04/21 2:11 a.m., views: 1

MGASA-2026-0106 Updated firefox & thunderbird packages fix security vulnerabilities

Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. CVE-2026-5731 Incorrect boundary conditions, integer overflow in the Graphics: Text component. CVE-2026-5732 Memory safety bugs fixed in Firefox ESR 140.9.1,...

CVSS 9.8, AI score 5.8, EPSS 0.00071
Exploits: 0, References: 6

Mageia
added 2026/04/21 2:11 a.m., views: 5

Updated firefox & thunderbird packages fix security vulnerabilities

Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. CVE-2026-5731 Incorrect boundary conditions, integer overflow in the Graphics: Text component. CVE-2026-5732 Memory safety bugs fixed in Firefox ESR 140.9.1,...

CVSS 9.8, AI score 5.8, EPSS 0.00071
Exploits: 0, References: 5

NVD
added 2026/04/21 12:16 a.m., views: 0

CVE-2026-41303

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending hos...

CVSS 8.8, EPSS 0.00079
Exploits: 1, References: 2

Tenable Nessus
added 2026/04/21 12:00 a.m., views: 6

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013034)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013034 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds. Add bounds checking to preven...

AI score 5.8, EPSS 0.00057
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/21 12:00 a.m., views: 1

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011313)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011313 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds. Add bounds checking to preven...

AI score 6, EPSS 0.00057
Exploits: 0, References: 4

AlmaLinux
added 2026/04/21 12:00 a.m., views: 4

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...

CVSS 9.8, AI score 6.2, EPSS 0.00071
Exploits: 1, References: 12

CVE
added 2026/04/20 11:08 p.m., views: 9

CVE-2026-41303

OpenClaw before 2026.3.28 contains an authorization bypass in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Specifically, the channels.discord.execApprovals.approvers allowlist can be bypassed by using Discord text commands to approve pending host exe...

CVSS 8.8, AI score 6, EPSS 0.00079
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/04/20 11:08 p.m., views: 4

CVE-2026-41303 OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending hos...

CVSS 8.8, AI score 6, EPSS 0.00079
Exploits: 1, References: 2

RedhatCVE
added 2026/04/20 7:23 p.m., views: 3

CVE-2026-41253

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...

CVSS 7.8, AI score 6.2, EPSS 0.00006
Exploits: 1, References: 1

Snyk
added 2026/04/20 1:39 p.m., views: 2

Malicious Package

Overview: tailwind-text-fill is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2