WordPress plugin Livemesh Addons for Beaver Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Jenkins Pipeline: Groovy Libraries Plugin 安全漏洞

Jenkins Pipeline: The Groovy Libraries Plugin is an open-source Jenkins Pipeline plugin that manages Groovy libraries. The Jenkins Pipeline: Groovy Libraries Plugin versions 797.v90eaa9be45a0 and earlier have security vulnerabilities. These vulnerabilities stem from the lack of protection against...

PT-2026-43456

Name of the Vulnerable Software and Affected Versions YAMCS affected versions not specified Description The authentication endpoint "POST /auth/token" in yamcs-core lacks rate limiting, account lockout, and failed attempt throttling. This allows an unauthenticated remote attacker to perform...

TeamSpeak 3 Server 资源管理错误漏洞

TeamSpeak 3 Server is a real-time voice communication server software developed by the TeamSpeak company. Versions of TeamSpeak 3 Server prior to 3.13.7 contained a resource management vulnerability. This vulnerability stemmed from the processresendqueue function in the Connection State Managemen...

GNU LibreDWG 安全漏洞

GNU LibreDWG is a C-language library from the GNU community in the United States that is used for processing DWG files. Versions of GNU LibreDWG 0.13.4.8160 and earlier contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the bitreadRC function within the...

CVE-2026-42960

A flaw was found in Unbound's handling of DNS reply messages, complementing the earlier CVE-2025-11411 fix. Unbound accepts and caches address records from the additional section of DNS replies when they accompany authority section RRSets other than NS such as MX records. A malicious actor who ca...

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back

Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence AI tools to make their attacks faster, stronger, and much harder to stop. According to...

EUVD-2026-31809

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team CERT-In has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse ...

Malicious code in xct-x-ayoub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33575d7ebb1fa670ce8a2f633471492b04319daffe0f1e10dd35841cf2709af On import XcTxAyOuB, the package's top-level init.py unconditionally starts a Flask HTTP server bound to 0.0.0.0:5000 configurable via PORT exposing...

Student-Management-System 访问控制错误漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. The STUDENT-MANAGEMENT-SYSTEM contains a security vulnerability related to access control. This vulnerability stems from improper access control measures in the Dashboard component, which may...

Backdoor Attacks on Fault Detection and Localization in Cyber-Physical Systems

Cyber-Physical Systems CPS integrate sensing, communication, computation, and control to support critical infrastructure, including smart grids, industrial automation, and control systems. In the electrical utility domain, various controllers are used in CPS to ensure the system detects and...

PT-2026-43210

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained security vulnerabilities. These vulnerabilities stemmed from the use of predictable file paths an...

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.9.1 contained a security vulnerability. This vulnerability stemmed from the use of unaltered MD5 hash storage for user passwords, which could make the...

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 环境问题漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain environmental issues, which stem from vulnerabilities that can be exploited by HTTP request payload attacks...

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities; these vulnerabilities stem from the lack of verification of TLS certificates, allowing HTTPS...

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 CVSS score: 9.4, an SQL injection vulnerability in...

Reversing-Toolkit

Reversing Toolkit 🔧 3 reverse engineering & binary exploita...

CVE-2025-26483

CVE-2025-26483 affects Dell PowerFlex Manager (versions 4.6.2 and earlier). The issue is an Open Redirect vulnerability that can allow an unauthenticated attacker to redirect users to arbitrary URLs, enabling phishing that could lead to data disclosure. No exploit details are provided in the docu...