Aggregator

CVE-2024-49640 | AmaderCode Lab ACL Floating Cart for WooCommerce Plugin up to 0.9 on WordPress cross site scripting

Vuldb Updates
1 day 14 hours ago
A vulnerability described as problematic has been identified in AmaderCode Lab ACL Floating Cart for WooCommerce Plugin up to 0.9 on WordPress. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2024-49640. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2024-49632 | Coral Web Design CWD 3D Image Gallery Plugin up to 1.0 on WordPress cross site scripting

Vuldb Updates
1 day 14 hours ago
A vulnerability has been found in Coral Web Design CWD 3D Image Gallery Plugin up to 1.0 on WordPress and classified as problematic. This affects an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-49632. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2024-50459 | HM Plugin Stripe Donation and Payment Plugin up to 3.2.3 on WordPress authorization

Vuldb Updates
1 day 14 hours ago
A vulnerability classified as problematic was found in HM Plugin Stripe Donation and Payment Plugin up to 3.2.3 on WordPress. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2024-50459. The attack can be executed remotely. There is not any exploit available.
vuldb.com

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Threat intelligence | Microsoft Security Blog
1 day 15 hours ago

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure.

The post SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Threat intelligence | Microsoft Security Blog
1 day 15 hours ago

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure.

The post SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence

Major outage cripples Russian banking apps and metro payments nationwide

Security Affairs
1 day 15 hours ago
A major outage hit Russian banking apps and payments, blocking card use, cash withdrawals, and mobile access for hours. A widespread outage disrupted banking apps and payment systems across Russia, leaving customers unable to pay by card, withdraw cash, or access mobile banking for hours. According to The Record Media, the incident affected major banks, […]
Pierluigi Paganini

CVE-2026-5627 | mintplex-labs anything-llm up to 1.12.0 AgentFlows index.js loadFlow/deleteFlow path traversal

VulDB Recent Entries
1 day 15 hours ago
A vulnerability categorized as problematic has been discovered in mintplex-labs anything-llm up to 1.12.0. This affects the function loadFlow/deleteFlow of the file server/utils/agentFlows/index.js of the component AgentFlows. Such manipulation leads to path traversal: '\..\filename'. This vulnerability is listed as CVE-2026-5627. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-5741 | suvarchal docker-mcp-server up to 0.1.0 HTTP Interface src/index.ts stop_container/remove_container/pull_image os command injection

VulDB Recent Entries
1 day 15 hours ago
A vulnerability was found in suvarchal docker-mcp-server up to 0.1.0. It has been rated as critical. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. This vulnerability is tracked as CVE-2026-5741. The attack is possible to be carried out remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-5739 | PowerJob 5.1.0/5.1.1/5.1.2 OpenAPI Endpoint /openApi/addWorkflowNode GroovyEvaluator.evaluate nodeParams code injection (Issue 1168)

VulDB Recent Entries
1 day 15 hours ago
A vulnerability was found in PowerJob 5.1.0/5.1.1/5.1.2. It has been declared as critical. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. This vulnerability is identified as CVE-2026-5739. The attack can be executed remotely. There is not any exploit available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Managed ad