Aggregator

A vulnerability was found in vcita Online Booking & Scheduling Calendar Plugin up to 4.2.10 on WordPress and classified as critical. This affects an unknown part of the component REST API. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2023-2299. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in vcita Online Booking & Scheduling Calendar Plugin up to 4.2.10 on WordPress. It has been declared as problematic. This issue affects some unknown processing. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2023-2298. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in vcita Contact Form Builder Plugin up to 4.9.1 on WordPress. This impacts an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2023-2301. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in vcita Contact Form Builder Plugin up to 4.9.1 on WordPress. Affected is an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2023-2300. The attack can be launched remotely. No exploit exists.

Submit #794333 / VDB-356560

Submit #794332 / VDB-356559

Желающих помочь стало так много, что модераторы просто утонули в письмах.

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that’s been introduced in the codebase 13 years ago. The vulnerability was patched in late March 2026 and there’s currently no indication that it is being actively exploited by attackers. Neveretheless, with ActiveMQ vulnerabilities having been previously leveraged for ransomware and malware attacks, organizations should … More →

The post Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) appeared first on Help Net Security.

Submit #793895 / VDB-356554

Submit #793656 / VDB-356553

Edge devices are prime targets — learn how attackers exploit the perimeter to gain access, persist, and pivot to identity.

Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: What are the real threat vectors for our organization? What’s actually exploitable in our environment right now? What should we proactively fix? The platform monitors thousands of threat sources, contextualizes them against your actual attack surface, and puts that intelligence to work across hunt, detection, and exposure management use cases. One platform. Answers, not … More →

The post Mallory brings contextual threat intelligence to security operations appeared first on Help Net Security.

Austin, Texas, United States, 9th April 2026, CyberNewswire

Submit #793558 / VDB-356552

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in

英国科学家使用来自大曼彻斯特交通局（TfGM）的真实交通数据以及开放数据集，量化了交通产生的热量对城市温度的贡献。研究结果显示，在曼彻斯特交通产生的热量在夏季使模拟气温升高了约 0.16°C，冬季升高了约 0.35°C。虽然升温幅度不大，但在极端高温事件中会产生显著影响。研究还发现，交通产生的热量不仅影响室外温度，还会影响室内温度。街道上释放的热量会传递到建筑物内，增加了夏季对空调的需求。

A vulnerability was found in SaturdayDrive Ninja Forms Plugin up to 3.3.26 on WordPress and classified as critical. The affected element is the function NF_FU_AJAX_Controllers_Uploads::handle_upload. Executing a manipulation can lead to unrestricted upload. This vulnerability is tracked as CVE-2026-0740. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in MediaTek MT6813. This affects an unknown part of the component sec boot. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2026-20446. An attack has to be approached locally. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in MediaTek MT6813, MT6815, MT6835, MT6878, MT6897, MT6899, MT6986, MT6991, MT6993, MT8668, MT8676, MT8678, MT8755, MT8775, MT8792, MT8793, MT8863, MT8873 and MT8883. It has been rated as critical. This impacts an unknown function of the component Base Station Handler. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2026-20431. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability categorized as critical has been discovered in MediaTek MT2735, MT2737, MT6779, MT6781, MT6783, MT6785, MT6789, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8781, MT8789, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893. Affected is an unknown function of the component Base Station Handler. Such manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-20432. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.