CVE-2026-32950

CVE-2026-32950 affects SQLBot prior to 1.7.0, where an authenticated user can trigger a critical SQL Injection in the /api/v1/datasource/uploadExcel endpoint. The root cause is unsanitized Excel sheet names concatenated into PostgreSQL table names and embedded into COPY statements via f-strings i...

CVE-2025-13320

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

CVE-2025-13320 WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

CVE-2025-13320

CVE-2025-13320 : WP User Manager for WordPress is vulnerable to Authenticated Arbitrary File Deletion via the current_user_avatar parameter in profile updates. The issue arises from insufficient validation of user-supplied file paths and improper handling of array inputs in PHP, enabling attacker...

CVE-2025-13320 WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

Asymmetry Vulnerability and Physical Attacks on Online Map Construction for Autonomous Driving

High-definition maps provide precise environmental information essential for prediction and planning in autonomous driving systems. Due to the high cost of labeling and maintenance, recent research has turned to online HD map construction using onboard sensor data, offering wider coverage and mor...

Embedded Malicious Package

Overview @toptal/picasso-provider is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

📄 AnyCommand 1.2.7 Remote Code Execution

AnyCommand version 1.2.7 contains critical vulnerabilities enabling unauthenticated attackers to achieve remote code execution. The exploit bypasses weak 6-digit PIN authentication through bruteforcing, then abuses the command interface to simulate keystrokes for command execution and payload...

Cryptanalysis of a Lattice-Based PIR Scheme for Arbitrary Database Sizes

Private Information Retrieval PIR schemes enable users to securely retrieve files from a server without disclosing the content of their queries, thereby preserving their privacy. In 2008, Melchor and Gaborit proposed a PIR scheme that achieves a balance between communication overhead and...

Brazilian Banking Trojan Communicates Via Microsoft SQL Server

Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control C&C server and a full-screen social-engineering overlay form. Researchers at IBM X-Force research on Tuesday revealed that attackers are using...

Wannacry depth of analysis: the first stage tasksche-vulnerability warning-the black bar safety net

WannaCry ransomware is a 2017 of the most popular ransomware, which uses a Microsoft vulnerability in the global range attacks make the world more than 100 countries, hundreds of thousands of users by the impact. Has a global range of network security education for all. As a security industry...