Aggregator

A vulnerability was found in Iulia Cazan Latest Post Shortcode Plugin up to 14.2.1 on WordPress. It has been classified as critical. This vulnerability affects the function latest-post-shortcode of the component Shortcode Handler. Performing a manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-31916. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in immonex Kickstart Plugin up to 1.13.0 on WordPress. Impacted is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-31918. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in dagu-org dagu. It has been declared as critical. This issue affects some unknown processing. Such manipulation of the argument dagRunId leads to path traversal. This vulnerability is traded as CVE-2026-31886. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Honeywell IQ4x BMS Controller. The impacted element is an unknown function of the component Web-based HMI. Performing a manipulation results in missing authentication. This vulnerability is cataloged as CVE-2026-3611. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Apache Livy 0.7.x/0.8.x and classified as critical. This affects an unknown function of the component Spark Configuration. Such manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-60012. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Apache Livy up to 0.8.x. It has been classified as critical. This impacts an unknown function. Performing a manipulation results in path traversal. This vulnerability was named CVE-2025-66249. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in TP-Link SG2008P 3.2x, SG2008P 3.3x, SX3016F 1.3x, SX3016F 1.2x, SG3428 2.4x, SG3428XMP 3.3x, SG3428X 1.4x, SG3428XF 1.3x, SG3452P 3.4x, SG3428MP 6.3x, SG2218P 2.2x, SG2016P 1.3x, SG3452XP 2.3x, SG3428XMPP 1.2x, SG3452X 1.3x, SG2008 4.3x, SG3210 3.3x, SG2210MP 5.2x, SG2210P 5.3x, SG2218 1.3x, SG3452 1.3x, SG3210X-M2 1.2x, SG2210XMP-M2 1.x, SG2008 4.2x, SG2218P 1.2x, SG3210 3.2x, SG3428X-M2 1.2x, SX3832MPP 1.x, SG2218 1.2x, SX3832 1.x, SG2428LP 1.x, SL2428P 6.2x, SG3218XP-M2 1.x, SG3210XHP-M2 3.x, SG2218P 2.x, SG3210X-M2 1.x, SG2428P 5.3x, SG2210MP 4.2x, SG3452P 3.3x, SG3452 1.2x, SG2452LP 1.x, SX3032F 1.x, SG3452X 1.2x, SG3452XMPP 1.x, SG3428XPP-M2 1.2x, TL-SG3452P 3.0, SG2428P 5.2x, SG2210MP 5.x, SG2005P-PD 1.x, SG2016P 1.2x, SG3452XP 2.2x, SG3428XMP 3.2x, SG3428X 1.3x, SG3428XF 1.2x, SG3428MP 6.2x, TL-SG3428MP 5.x, SG3428 2.3x, SG3428XMPP 1.x, TL-SG2428P 4.x, SG2210P 5.2x, SX3008F 1.2x and SX3206HPP 1.20. This affects an unknown part of the component Web Interface. Such manipulation leads to improper input validation. This vulnerability is referenced as CVE-2026-1668. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability was found in undici 1.js and classified as problematic. The affected element is an unknown function in the library lib/dispatcher/client-h1.js of the component HTTP Service. Such manipulation leads to crlf injection. This vulnerability is traded as CVE-2026-1527. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in undici. Affected by this issue is the function isValidClientWindowBits. Such manipulation leads to uncaught exception. This vulnerability is referenced as CVE-2026-2229. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

嗯，用户让我总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”之类的开头。我得先仔细读一下文章。 文章主要讲的是一个数据泄露事件，影响了130万个账户，发生在2026年3月。然后推荐了几个应对措施：立即更改密码、启用两步验证、使用密码管理器比如1Password来生成和存储强密码。 用户的需求是简明扼要地总结内容，所以我要抓住关键点：泄露的时间、受影响的账户数量，以及推荐的三个行动。还要注意字数限制，不能超过100字。 可能用户是普通读者，想快速了解发生了什么以及该怎么做。他们可能不太熟悉技术术语，所以用词要简单明了。 最后，确保总结直接描述内容，不加多余的话。比如：“文章指出一起影响130万个账户的数据泄露事件，并建议用户立即更改密码、启用两步验证，并使用密码管理器保护账户安全。” 这样既涵盖了所有关键信息，又符合用户的格式要求。 文章指出一起影响130万个账户的数据泄露事件，并建议用户立即更改密码、启用两步验证，并使用密码管理器保护账户安全。

A vulnerability identified as critical has been detected in PublishPress Capabilities Plugin up to 2.31.0 on WordPress. This issue affects some unknown processing. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-32394. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability identified as critical has been detected in RadiusTheme Team Plugin up to 5.0.13 on WordPress. Impacted is an unknown function. This manipulation causes missing authorization. This vulnerability is registered as CVE-2026-32396. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in BoldGrid Client Invoicing by Sprout Invoices Plugin up to 20.8.9 on WordPress and classified as critical. Affected is an unknown function. The manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is cataloged as CVE-2026-32401. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Subrata Mal TeraWallet Plugin up to 1.5.15 on WordPress. This affects an unknown function. Performing a manipulation results in race condition. This vulnerability was named CVE-2026-32398. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Wavlink WL-WN579A3 220323. It has been classified as critical. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. This vulnerability is cataloged as CVE-2026-4163. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

A series of intrusions in early 2026 in which threat actors compromised FortiGate Next-Generation Firewalls (NGFW) to establish persistent footholds within enterprise environments. Each case was intercepted during the lateral movement phase before the attackers could fully achieve their objectives. The attack wave uncovered by SentinelOne closely tracks three high-severity Fortinet vulnerabilities disclosed between December […]

The post FortiGate Firewalls Exploited in Wave of Attacks to Breach Networks and Steal Credentials appeared first on Cyber Security News.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内。首先，我需要通读整篇文章，理解其主要观点和结构。 文章以轻小说《今夜，即使这份恋情从世界消散》中的女主日野真织为例，她患有顺行性遗忘症，每天必须通过日记来维持记忆。作者将AI模型比作患有重度顺行性遗忘症的数字真织，每次对话都是重生。 接着，文章解释了AI模型的工作原理：无状态机制、上下文拼接、键值缓存（KV Cache）以及上下文窗口的限制。还提到了OpenClaw框架如何赋予AI本地持久化记忆和自主行动力，但带来了高计算成本的问题。 最后，文章讨论了提示词注入和AI微调对模型的影响，指出AI的记忆是工程化的假象，但痕迹永存。 总结时要抓住关键点：AI模型的无状态特性、上下文处理机制、OpenClaw的挑战以及AI记忆的本质。控制在100字以内，直接描述内容。 文章通过轻小说《今夜，即使这份恋情从世界消散》中的女主日野真织患顺行性遗忘症的故事，类比大语言模型（LLM）的本质：每次对话都是重生，依赖上下文拼接和键值缓存实现连续性。文章还探讨了长上下文窗口的挑战、OpenClaw框架赋予AI自主行动力的成本问题以及提示词注入对AI灵魂的篡改。

小小四被同学坑了一把，问了她一个超级难的逻辑迷题。她跑来问我，我要是会做，太阳能打西边出来。

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.0.7. The impacted element is the function rxe_recheck_mr. Executing a manipulation can lead to information disclosure. This vulnerability is tracked as CVE-2022-49929. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.0.7. Affected is the function free_mr_init. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2022-49930. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.