Aggregator
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
23 hours 59 minutes ago
Vulnerability / Web Security
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild.
The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions.
"Any cPanel user (including an attacker or a compromised account) may
The Hacker News
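Batch Optimization of DMA Buffer Cache Synchronization and Its Practice on the Qualcomm Platform
1 day ago
event; Chen Xueyuan, a core member of the “笑傲内核” group, will attend on the group's behalf and give a talk titled “Batch Optimization of DMA Buffer Cache Synchronization and Its Practice on the Qualcomm Platform”. May 30, 2026, Shenzhen “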
21cnbao
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
1 day ago
Vulnerability / Website Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.
"Drupal Core
The Hacker News
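China Releases Key Data from the 2025 National 1% Population Sample Survey
1 day ago
In accordance with the Regulations on National Population Census and the requirements of the General Office of the State Council, China conducted a national 1% population sample survey on November 1, 2025. The bulletin published the main population figures estimated from this survey: the national population was 1,405.45 million, with males accounting for 51.03% and females 48.97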
The Emerson Paradox
1 day ago
New Story by Astounding Stories (@astoundingstories): Dare to dream. Dare to go where
CVE-2026-9342 | SourceCodester Hospitals Patient Records Management System 1.0 view_history.php ID sql injection
1 day ago
A vulnerability, which was classified as critical, was found in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of the argument ID results in SQL injection.
This vulnerability is cataloged as CVE-2026-9342. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
RTX 4060 on the slides, a very different result in games. The first tests of China's Lisuan LX 7G100 proved painful for the manufacturer
1 day ago
The Lisuan LX 7G100 graphics card has 12 GB of memory and its own architecture, but drivers and performance are limiting its capabilities for now.
Submit #812834: sourcecodester Hospital's Patient Records Management System V1.0 SQL injection [Accepted]
1 day 1 hour ago
Submit #812834 / VDB-365305
july-skyload
Submit #812258: eladmin 2.7 Improper Access Controls [Duplicate]
1 day 1 hour ago
Submit #812258 / VDB-361917
AliceS614
CVE-2026-6895 | Wishlist Member Plugin up to 3.30.1 on WordPress REST API export_settings privileges management (EUVD-2026-31526)
1 day 1 hour ago
A vulnerability, which was classified as critical, has been found in Wishlist Member Plugin up to 3.30.1 on WordPress. This issue affects the function export_settings of the component REST API. The manipulation leads to improper privilege management.
This vulnerability is listed as CVE-2026-6895. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-6898 | Wishlist Member Plugin up to 3.30.1 on WordPress REST API generate_api_key privileges management (EUVD-2026-31523)
1 day 1 hour ago
A vulnerability classified as critical was found in Wishlist Member Plugin up to 3.30.1 on WordPress. This vulnerability affects the function WishListMember3_Hooks::generate_api_key of the component REST API. Executing a manipulation can lead to improper privilege management.
This vulnerability is tracked as CVE-2026-6898. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-6897 | Wishlist Member Plugin up to 3.30.1 on WordPress REST API Team_Accounts privileges management (EUVD-2026-31525)
1 day 1 hour ago
A vulnerability classified as critical has been found in Wishlist Member Plugin up to 3.30.1 on WordPress. This affects the function Team_Accounts of the component REST API. Performing a manipulation results in improper privilege management.
This vulnerability is identified as CVE-2026-6897. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-6419 | Wishlist Member Plugin up to 3.30.1 on WordPress Administrative API ajax_get_screen privileges management (EUVD-2026-31527)
1 day 1 hour ago
A vulnerability described as critical has been identified in Wishlist Member Plugin up to 3.30.1 on WordPress. Affected by this issue is the function ajax_get_screen of the component Administrative API. Such manipulation leads to improper privilege management.
This vulnerability is referenced as CVE-2026-6419. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-45659 | Microsoft SharePoint Enterprise Server deserialization (WID-SEC-2026-1652)
1 day 1 hour ago
A vulnerability marked as critical has been reported in Microsoft SharePoint Enterprise Server. Affected by this vulnerability is an unknown functionality. This manipulation causes deserialization.
The identification of this vulnerability is CVE-2026-45659. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-41147 | nukeviet CMS up to 4.5.7 Contact cross site scripting (GHSA-64rr-pp78-62ww)
1 day 1 hour ago
A vulnerability labeled as problematic has been found in nukeviet CMS up to 4.5.7. Affected is an unknown function of the component Contact Module. The manipulation results in cross-site scripting.
This vulnerability was named CVE-2026-41147. The attack may be performed remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-47280 | Microsoft Azure Resource Manager improper authentication
1 day 1 hour ago
A vulnerability identified as critical has been detected in Microsoft Azure Resource Manager. This impacts an unknown function. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2026-47280. The attack can be carried out remotely. No exploit exists.
This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.
vuldb.com
CVE-2026-42827 | Microsoft 365 Copilot command injection
1 day 1 hour ago
A vulnerability categorized as critical has been discovered in Microsoft 365 Copilot. This affects an unknown function. Executing a manipulation can lead to command injection.
This vulnerability is handled as CVE-2026-42827. The attack can be executed remotely. There is not any exploit available.
This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.
vuldb.com