Aggregator

CVE-2026-28558 | gVectors wpForo Forum up to 2.4.15 SVG File Parser cross site scripting (EUVD-2026-9107)

Vuldb Updates
1 month 1 week ago
A vulnerability categorized as problematic has been discovered in gVectors wpForo Forum up to 2.4.15. This issue affects some unknown processing of the component SVG File Parser. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2026-28558. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-28559 | gVectors wpForo Forum up to 2.4.15 Global RSS Feed Endpoint ID information disclosure (EUVD-2026-9108)

Vuldb Updates
1 month 1 week ago
A vulnerability labeled as problematic has been found in gVectors wpForo Forum up to 2.4.15. The affected element is an unknown function of the component Global RSS Feed Endpoint. The manipulation of the argument ID results in information disclosure. This vulnerability was named CVE-2026-28559. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-3376 | Tenda F453 1.0.0.3 /goform/SafeMacFilter fromSafeMacFilter page buffer overflow (EUVD-2026-9112)

Vuldb Updates
1 month 1 week ago
A vulnerability labeled as critical has been found in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform/SafeMacFilter. Such manipulation of the argument page leads to buffer overflow. This vulnerability is referenced as CVE-2026-3376. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

Security Affairs
1 month 1 week ago
Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.8), a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code […]
Pierluigi Paganini

CVE-2026-27190 | denoland deno up to 2.6.7 child_process os command injection (GHSA-hmh4-3xvx-q5hr)

Vuldb Updates
1 month 1 week ago
A vulnerability identified as critical has been detected in denoland deno up to 2.6.7. Affected by this vulnerability is the function child_process. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2026-27190. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2026-27120 | vapor leaf-kit up to 1.4.0 Special Character cross site scripting (GHSA-4hfh-fch3-5q7p)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in vapor leaf-kit up to 1.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Special Character Handler. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-27120. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-14577 | Slican NCP/IPL/IPM/IPU prior 1.24.0190 Request /webcti/session_ajax.php missing authentication

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as critical, has been found in Slican NCP, IPL, IPM and IPU. This vulnerability affects unknown code of the file /webcti/session_ajax.php of the component Request Handler. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-14577. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-28554 | gVectors wpForo Forum up to 2.4.15 AJAX wpforo_approve_ajax authorization (EUVD-2026-9103)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in gVectors wpForo Forum up to 2.4.15. It has been classified as critical. Affected by this issue is the function wpforo_approve_ajax of the component AJAX Handler. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-28554. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-28555 | gVectors wpForo Forum up to 2.4.15 wpforo_close_ajax authorization (EUVD-2026-9104)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in gVectors wpForo Forum up to 2.4.15. It has been declared as critical. This affects the function wpforo_close_ajax. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-28555. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-28556 | gVectors wpForo Forum up to 2.4.15 topic_move/topic_merge/topic_split authorization (EUVD-2026-9105)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in gVectors wpForo Forum up to 2.4.15. It has been rated as critical. This vulnerability affects the function topic_move/topic_merge/topic_split. Performing a manipulation results in missing authorization. This vulnerability is known as CVE-2026-28556. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.
vuldb.com

NIST 限制外国科学家进入其实验室

Solidot
1 month 1 week ago
过去几周在美国国家标准与技术研究院(NIST)工作的数百名外国科学家被限制进入实验室,除非有联邦雇员陪同,否则不得在晚上和周末进入实验室。部分国家的科学家最早将在本月底失去访问权限。拟议中的规则尚无书面版本,仅通过会议传达。最新变化是基于 NIST 在 2025 年更新的研究安全规则,它将中国、俄罗斯、伊朗、朝鲜、古巴、委内瑞拉和叙利亚的科学家视为“高风险”人群,中国等国的研究人员已被告知,他们的实验室访问权限将于 3 月 31 日前接受审查,如果在 NIST 工作逾 3 年或从事量子技术或 AI 等敏感项目而构成“高风险”,其访问权限将被终止。低风险国家的研究人员也面临从 9 月或 12 月起失去访问权限。NIST 研究人员不从事机密研究,NIST 前主任 Patrick Gallagher 表示看不出这么做会带来什么安全上的好处。

Anthropic’s Claude hit by widespread service outage (updated)

Help Net Security
1 month 1 week ago

Mar 03, 2026 – 08:39 UTC: A fix has been implemented and Anthropic are monitoring the results. Mar 03, 2026 – 04:43 UTC: Elevated errors in claude.ai, cowork, platform, claude code under investigation. Mar 02, 2026 – 16:50 UTC: Elevated errors on Claude Opus 4.6 under investigation.. Mar 02, 2026 – 15:25 UTC: A fix has been implemented and Anthropic are monitoring the results. Anthropic suffered widespread service disruptions Monday morning, leaving thousands of users … More →

The post Anthropic’s Claude hit by widespread service outage (updated) appeared first on Help Net Security.

Sinisa Markovic

Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat

Cyber Security News
1 month 1 week ago

Frankfurt am Main, Germany, March 2nd, 2026, CyberNewswire Link11 has published its European Cyber Report 2026, revealing that DDoS attacks reached a new level in 2025 and have become a permanent stress factor for digital infrastructures. The report shows that the number of documented attacks in the Link11 network rose by 75% in 2025, following […]

The post Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat appeared first on Cyber Security News.

Cybernewswire

亚马逊 AWS 中东数据中心遭遇火灾和断电

Solidot
1 month 1 week ago
亚马逊 AWS 披露其位于中东数据中心的一处遭遇断电一处遭遇“物体”撞击后起火。它没有披露是什么东西撞击了数据中心设施。AWS 表示它位于阿联酋的一个数据中心于 7:30 a.m. ET 遭遇撞击,撞击产生了火花和火灾,消防部门在灭火过程中切断了数据中心和发电机的电源。

Managed ad