Aggregator

Vulnerability / Cyber AttackThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Th

A vulnerability, which was classified as critical, was found in frangoteam FUXA up to 1.2.9. Affected by this issue is some unknown functionality of the component SCADA/HMI/Dashboard. The manipulation results in path traversal. This vulnerability is known as CVE-2026-25895. It is possible to launch the attack remotely. Furthermore, an exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Cockpit. Affected is an unknown function of the component Remote Login. The manipulation results in os command injection. This vulnerability is known as CVE-2026-4631. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints. "An attacker could exploit this vulnerability if they are able to send

Vulnerability / Network SecurityCisco has rolled out updates for a maximum-severity security flaw

A vulnerability has been found in dartiss Draft List Plugin 2.6.3 on WordPress and classified as problematic. This impacts an unknown function. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-9104. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in helgatheviking KIA Subtitle Plugin up to 4.0.1 on WordPress. This affects the function before of the component Shortcode Handler. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-7509. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in shapedplugin Location Weather Plugin up to 3.0.2 on WordPress. The impacted element is the function splw_update_block_options. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-7249. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in manchumahara CBX 5 Star Rating & Review Plugin up to 1.0.7 on WordPress. The affected element is an unknown function. Such manipulation of the argument page leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-6864. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Проблема годами таилась в исходных файлах и обходила даже строгие ревизии кода.

A vulnerability classified as problematic has been found in burlingtonbytes WP Blockade Plugin up to 0.9.14 on WordPress. Impacted is the function render_shortcode_preview of the component Endpoint. This manipulation of the argument shortcode causes cross site scripting. This vulnerability is handled as CVE-2026-3481. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in ZTE MU5250 BD_FLYMODEMV1.0.0B27. This issue affects some unknown processing of the component Configuration Handler. The manipulation results in information disclosure. This vulnerability is known as CVE-2026-44409. Access to the local network is required for this attack. No exploit is available.

A vulnerability marked as problematic has been reported in pftool Alfie Plugin up to 1.2.1 on WordPress. This vulnerability affects the function alfie_manage of the component GET Parameter Handler. The manipulation of the argument delete leads to cross-site request forgery. This vulnerability is traded as CVE-2026-4070. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in themewant Easy Elements for Elementor Plugin up to 1.4.5 on WordPress. This affects the function easyel_handle_register of the component Login/Register. Executing a manipulation can lead to improper privilege management. This vulnerability appears as CVE-2026-9018. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as critical has been detected in wpxpo FastX Plugin up to 1.0.2 on WordPress. Affected by this issue is the function ultp_install_callback of the component Plugin Installation Handler. Performing a manipulation results in missing authorization. This vulnerability is reported as CVE-2026-2518. The attack is possible to be carried out remotely. No exploit exists.

NASA 证实国际空间站的俄罗斯舱段再次发生漏气事故。过去五年俄罗斯航天局和 NASA 一直在追踪俄罗斯舱段的空气泄漏，漏气的舱段位于 Progress（进步号）气闸舱和 Zvezda（星辰号）服务舱之间的 PrK 模块，漏气原因是微小的结构裂缝。今年 1 月 NASA 宣布在多次检查和密封处理后 PrK 舱段的内部压力已经稳定，不再漏气。然而 PrK 舱段的漏气情况在三周前再次出现。NASA 表示它正与俄罗斯航天局协调后续处理步骤。此次事件再次引发了对国际空间站长期生存能力的担忧。

NASA 证实国际空间站的俄罗斯舱段再次发生漏气事故。过去五年俄罗斯航天局和 NASA 一直在追踪俄罗斯舱段的空气泄漏，漏气的舱段位于 Progress（进步号）气闸舱和 Zvezda（星

智谱推出GLM-5.1高速版：400 tokens/s智谱宣布面向部分企业客户推出GLM-5.1高速版API“GLM-5.1-highspeed”，模型输出速度达到400 tokens/s。智谱称，这

A vulnerability marked as critical has been reported in insyde Kernel. Affected by this vulnerability is an unknown functionality of the component AhciBusDxe. This manipulation causes memory corruption. This vulnerability appears as CVE-2022-29276. The attacker needs to be present on the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in insyde Kernel. Affected by this issue is some unknown functionality of the component NvmExpressDxe Driver. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2022-29278. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.