1154138 matches found
WordPress GEO my WP plugin <= 4.5.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by ? in WordPress Plugin GEO my WordPress versions = 4.5.4...
WordPress Under Construction plugin <= 5.76 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Under Construction versions = 5.76...
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and...
WordPress miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.7.0 - Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability
Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WordPress Social Login and Register versions = 7.7.0...
CVE-2026-57076
A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...
K000162310: Linux kernel vulnerability CVE-2026-46316
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each...
FreeBSD Released the Most Security Advisories in Project History in June 2026
On average, the FreeBSD security team releases about 2 security advisories per month. AI has changed this. In April, the project released 8 advisories, with 6 powered by AI. In May, the count decreased slightly to 7. Today I took a look at the FreeBSD Security Advisory page to check the latest...
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
ACR Stealer: Two observed intrusion chains amid increased threat activity
In this article 1. Campaign 1: WebDAV-based ClickFix with Python loaders and blockchain C2 2. Campaign 2: MSHTA-initiated PowerShell chain with steganographic payload delivery 3. Mitigation and protection guidance 4. References 5. Learn more From late April 2026 to mid-June 2026, Microsoft Defend...
MAL-2026-10761 Malicious code in my-tailwind-gutenberg-block (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 964a3f6c00b9b203b2ce5d2bf2a913e877d136325b805010ef3615c2dcc6a52a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in my-tailwind-gutenberg-block (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 964a3f6c00b9b203b2ce5d2bf2a913e877d136325b805010ef3615c2dcc6a52a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-57896
An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product...
CVE-2026-61378
A divide-by-zero vulnerability in the Productivity Suite allows a local attacker to cause a division by zero leading to a system crash...
CVE-2026-60073
An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB device. This can lead to a system crash or disclosure of kernel memory...
CVE-2026-11889
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability (CVE-2026-10842)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability with the appSecurity-1.0, appSecurity-2.0 , appSecurity-3.0 or appSecurity-4.0 feature enabled. Vulnerability Details CVEID:CVE-2026-10842 DESCRIPTION: IBM WebSphere...
Malicious code in abseil-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6b0ae8e92b62a5524d9ca665a07b3139a9cd4af2af0a0016dc6d425ecc2cc72e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-11889
CVE-2026-11889 concerns SALTO ProAccess Space software with the tenancy/partition feature. The issue enables privilege escalation that could let an authenticated attacker access any space managed by the affected installation. Exploitation requires valid authenticated operator credentials and the ...
EUVD-2026-45039
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...
CVE-2026-11889
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...