Aggregator
CVE-2026-7648 | ThimPress LearnPress Plugin up to 4.3.5 on WordPress REST API Endpoint add_to_cart authorization (CNNVD-202605-3606)
1 month ago
A vulnerability classified as critical has been found in ThimPress LearnPress Plugin up to 4.3.5 on WordPress. Affected by this vulnerability is the function add_to_cart of the component REST API Endpoint. The manipulation leads to authorization bypass.
This vulnerability is listed as CVE-2026-7648. The attack may be initiated remotely. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-5486 | unitecms Unlimited Elements for Elementor Plugin up to 2.0.7 on WordPress normalizeAjaxInputData filter_search sql injection (CNNVD-202605-3609)
1 month ago
A vulnerability has been found in unitecms Unlimited Elements for Elementor Plugin up to 2.0.7 on WordPress and classified as critical. This impacts the function normalizeAjaxInputData. The manipulation of the argument filter_search leads to SQL injection.
This vulnerability is tracked as CVE-2026-5486. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-46446 | Alinto SOGo up to 5.12.6 c_password sql injection (CNNVD-202605-3610)
1 month ago
A vulnerability, which was classified as critical, was found in Alinto SOGo up to 5.12.6. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c_password results in SQL injection.
This vulnerability is reported as CVE-2026-46446. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2026-7525 | joedolson My Calendar Plugin up to 3.7.9 on WordPress POST Request authorization (CNNVD-202605-3607)
1 month ago
A vulnerability described as critical has been identified in joedolson My Calendar Plugin up to 3.7.9 on WordPress. Affected is an unknown function of the component POST Request Handler. Executing a manipulation can lead to missing authorization.
This vulnerability is tracked as CVE-2026-7525. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-5361 | smub Envira Gallery Plugin up to 1.12.4 on WordPress REST API update_gallery_data arrows cross site scripting (CNNVD-202605-3608)
1 month ago
A vulnerability classified as problematic was found in smub Envira Gallery Plugin up to 1.12.4 on WordPress. Affected by this issue is the function update_gallery_data of the component REST API. The manipulation of the argument arrows results in cross-site scripting.
This vulnerability is cataloged as CVE-2026-5361. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-44919 | OpenStack Ironic incorrect behavior order (CNNVD-202605-3613)
1 month ago
A vulnerability identified as problematic has been detected in OpenStack Ironic. The impacted element is an unknown function. This manipulation causes incorrect behavior order.
The identification of this vulnerability is CVE-2026-44919. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2026-46419 | Yubico webauthn-server-core 2.8.0/2.8.1 function return value (CNNVD-202605-3612)
1 month ago
A vulnerability labeled as problematic has been found in Yubico webauthn-server-core 2.8.0/2.8.1. This affects an unknown function. Such manipulation leads to an incorrect check of a function return value.
This vulnerability is referenced as CVE-2026-46419. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2026-46445 | Alinto SOGo up to 5.12.6 sql injection (CNNVD-202605-3611)
1 month ago
A vulnerability, which was classified as critical, has been found in Alinto SOGo up to 5.12.6. Affected is an unknown function. The manipulation leads to SQL injection.
This vulnerability is documented as CVE-2026-46445. The attack can be initiated remotely. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-41281 | KDDI あんしんフィルタ prior 4.9_b0003 cleartext transmission (CNNVD-202605-3614)
1 month ago
A vulnerability identified as problematic has been detected in KDDI あんしんフィルタ. This impacts an unknown function. This manipulation causes cleartext transmission of sensitive information.
This vulnerability is tracked as CVE-2026-41281. The attack can be carried out remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
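Xiaomi's Lu Weibing: some domestic flagship bar-style phones may be priced above 10,000 yuan in the second half of the year
1 month ago
On May 16, Xiaomi Group President Lu Weibing said during a livestream that in the second half of this year, especially toward the end of the year, some domestic flagship bar-style phones may be priced above 10,000 yuan (RMB). As for whether the price of the Xiaomi 17 Max will
Ubuntu 25.10 reaches end of life in July; users should upgrade to Ubuntu 26.04 LTS as soon as possible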
1 month ago
NorthSec 2026
1 month ago
Name: NorthSec 2026 (a NorthSec CTF event.)
Date: May 15, 2026, midnight to 17 May 2026, 23:00 UTC
Format: Hack quest
On-site
Location: Canada, Montreal
Official URL: https://nsec.io/competition/
Rating weight: 0.00
Event organizers: NorthSec Organizers
TJCTF 2026
1 month ago
Name: TJCTF 2026 (a TJCTF event.)
Date: May 15, 2026, 4 p.m. to 17 May 2026, 16:00 UTC
Format: Jeopardy
On-line
Official URL: https://tjctf.org/
Rating weight: 65.05
Event organizers: tjcsc
UralCUP 2026 // Quals
1 month ago
Name: UralCUP 2026 // Quals (a UralCUP event.)
Date: May 17, 2026, 5 a.m. to 17 May 2026, 13:00 UTC
Format: Jeopardy
On-line
Location: Russia
Official URL: https://uralctf.org/
Rating weight: 0
Event organizers: TyumGUard
AI is distorting the Holocaust (Lock and Code S07E10)
1 month ago
This week on the Lock and Code podcast… In May of last year, a warning about AI came from
CVE-2026-22991 | Linux Kernel up to 6.19-rc4 free_choose_arg_map null pointer dereference (Nessus ID 296392 / WID-SEC-2026-0215)
1 month ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.19-rc4. This impacts the function free_choose_arg_map. Executing a manipulation can lead to a null pointer dereference.
This vulnerability is identified as CVE-2026-22991. The attack must be carried out from within the local network. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-22989 | Linux Kernel up to 6.12.65/6.18.5/6.19-rc4 nfsd nfsd4_revoke_states state issue (Nessus ID 296399 / WID-SEC-2026-0215)
1 month ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.65/6.18.5/6.19-rc4. Affected by this issue is the function nfsd4_revoke_states of the component nfsd. Such manipulation leads to a state issue.
This vulnerability is documented as CVE-2026-22989. The attack requires being on the local network. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2026-22988 | Linux Kernel up to 6.19-rc4 arp dev_hard_header initialization (Nessus ID 296408 / WID-SEC-2026-0215)
1 month ago
A vulnerability was found in Linux Kernel up to 6.19-rc4 and classified as critical. This vulnerability affects the function dev_hard_header of the component arp. Executing a manipulation can lead to improper initialization.
This vulnerability appears as CVE-2026-22988. The attacker needs to be present on the local network. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-22990 | Linux Kernel up to 6.19-rc4 libceph osdmap_apply_incremental assertion (Nessus ID 296397 / WID-SEC-2026-0215)
1 month ago
A vulnerability was found in Linux Kernel up to 6.19-rc4. It has been classified as critical. This issue affects the function osdmap_apply_incremental of the component libceph. The manipulation leads to reachable assertion.
This vulnerability is tracked as CVE-2026-22990. Access to the local network is required for this attack to succeed. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com