Aggregator

A vulnerability marked as problematic has been reported in ProfileGrid Plugin up to 5.9.3 on WordPress. This issue affects some unknown processing. This manipulation causes missing authorization. This vulnerability is handled as CVE-2024-49273. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in Rextheme WP VR Plugin up to 8.5.4 on WordPress. Impacted is an unknown function. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-49293. The attack can be launched remotely. No exploit exists.

Четыре голландских города начали отказываться от программ крупных международных разработчиков.

关键词勒索2026年3月，网络安全形势全面升级。勒索软件攻击同比暴涨25%，单日数据泄露事件高达68起，32个攻击者疯狂作案。

关键词隐私泄露OpenClaw因图标是一只红色龙虾，被网友形象称为"龙虾"。

关键词VPN2026年4月3日，俄罗斯监管机构在对VPN的打击行动中调整防火墙拦截策略，然而策略失误导致防火墙

今天的司机有很多方法躲避超速相机的监测，比如手机应用程序能提前通知司机前方有测速相机，司机随后放慢车速，通过之后再加速行驶。为了遏制此类行为，越来越多的地方开始推出测量均速的相机系统：跟踪同一辆汽车在多个监控点之间的均速，如果均速超过限速 10 英里/时或以上，则对相关车辆开出罚单。美国科罗拉多州于 2023 年通过法律允许使用自动车辆识别系统计算汽车在不同摄像头之间的均速，去年底交警开始正式对超速行驶的汽车开罚单。罚款为 75 美元，不扣分，罚单将开给车主，不管驾驶汽车的司机是谁。地图软件如 TomTom 也对此采取了应对措施，为司机提供测均速区域的均速信息。

PrivKit PrivKit is an open-source tool that empowers red teamers and penetration testers to quickly identify common Windows

The post PrivKit: simple beacon object file that detects privilege escalation vulnerabilities appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. This vulnerability was named CVE-2026-5692. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. This vulnerability is uniquely identified as CVE-2026-5691. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. This vulnerability is handled as CVE-2026-5690. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. This vulnerability is known as CVE-2026-5689. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. This vulnerability is traded as CVE-2026-5688. The attack may be launched remotely. Furthermore, there is an exploit available.

Компания F6 зафиксировала массовые атаки группы Hive0117 на российских бухгалтеров.

A vulnerability was found in Linux Kernel up to 7.0-rc4. It has been classified as critical. The affected element is the function ksmbd_session_lookup_all of the component ksmbd. The manipulation leads to state issue. This vulnerability is listed as CVE-2026-31409. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 7.0-rc2. It has been declared as critical. The impacted element is the function handle_one_ule_extension. The manipulation of the argument ule_mandatory_ext_handlers[]/ule_optional_ext_handlers[] results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-31405. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in projectworlds Car Rental Project 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. This vulnerability is documented as CVE-2026-5634. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in projectworlds Car Rental System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. This vulnerability is traded as CVE-2026-5637. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in HerikLyma CPPWebFramework up to 3.1. It has been rated as critical. This issue affects some unknown processing. Performing a manipulation results in path traversal. This vulnerability is known as CVE-2026-5638. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as critical has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. This vulnerability is handled as CVE-2026-5639. The attack can be executed remotely. Additionally, an exploit exists.