Aggregator

A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this issue is some unknown functionality of the component UI. This manipulation causes use after free. This vulnerability is handled as CVE-2026-8511. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Palo Alto GlobalProtect App and Global Protect App on Windows and classified as problematic. Affected is an unknown function. Performing a manipulation results in untrusted search path. This vulnerability is identified as CVE-2026-0251. The attack is only possible with local access. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as problematic was found in Mattermost up to 10.11.13/11.5.1/11.5.x. Affected is an unknown function of the component API Endpoint. The manipulation results in operation on a resource after expiration. This vulnerability was named CVE-2026-4053. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.11.13/11.4.3/11.5.1/11.5.x. Affected by this vulnerability is an unknown functionality of the component SVG File Handler. This manipulation causes improper check for unusual conditions. The identification of this vulnerability is CVE-2026-4054. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

The KDE ecosystem has secured a grant totaling €1,285,200 from the Sovereign Tech Fund, a German public-interest entity

The post KDE Secures €1.2M Sovereign Tech Fund Grant to Build a Windows Alternative appeared first on Penetration Testing Tools.

A vulnerability was found in WP Maps Plugin up to 4.9.2 on WordPress. It has been declared as critical. Affected is an unknown function. The manipulation results in path traversal. This vulnerability is known as CVE-2026-6381. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

中国电商希音正从美国服装零售商 Everlane 的大股东L Catterton手中收购该公司。这项交易对总部位于旧金山的Everlane估值约为1亿美元，较其在电商热潮高峰时期的估值大幅缩水。知情人

Proprietors of WordPress e-commerce platforms have fallen under siege due to a critical vulnerability discovered in the Funnel

The post Magecart Attack: Critical Flaw in FunnelKit Plugin Sparks Credit Card Skimming on 40,000+ WooCommerce Sites appeared first on Penetration Testing Tools.

Skip to contentSign InPersonal

A new major release of PolarProxy is out with a self-contained single-file binary, expanded platform support (musl/ARM64), and improved container and service plumbing. PolarProxy is a transparent TLS/SSL inspection proxy built for incident responders, malware analysts and security researchers. It de[...]

,  Monday, 18 May 2026 07:01:00 (UTC/GMT)

ARG 即侵入现实游戏（Alternate Reality Game），是一种基于现实世界，融合各种多媒体（如网站、电话、社交媒体等）技术的互动式解谜游戏。由于其与现实的高度结合所带来的沉浸感，一直以

A vulnerability was found in Autoptimize Plugin up to 3.1.14 on WordPress. It has been classified as problematic. This impacts an unknown function of the component Regular Expression Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-3220. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Ajax Load More Plugin up to 7.8.3 on WordPress and classified as problematic. This affects an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-6495. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

The development framework Next.js has remediated a critical security vulnerability, designated as CVE-2026-44578, which afflicts applications deployed on

The post Open Proxy Risk: High-Severity Next.js SSRF Flaw Exposes Cloud Metadata Endpoints appeared first on Penetration Testing Tools.

A vulnerability has been found in WP Photo Album Plus Plugin 9.1.11.0 on WordPress and classified as critical. The impacted element is an unknown function. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-6379. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Feeds for YouTube Plugin up to 2.6.3 on WordPress. The affected element is the function actions of the component License Key Handler. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-1631. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

«Деньги не тронем. Пока что» — обещает OpenAI.

The Federal Bureau of Investigation (FBI) has executed a remote reset of thousands of domestic and small-office routers

The post Operation Masquerade: FBI Executes Remote Reset on Thousands of Routers to Purge Russian Malware appeared first on Penetration Testing Tools.