Aggregator

A vulnerability has been found in axiomthemes Smart SEO Plugin up to 2.9 on WordPress and classified as critical. The affected element is an unknown function. This manipulation causes improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is registered as CVE-2026-28117. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in firassaidi WooCommerce License Manager Plugin up to 7.0.6 on WordPress. The affected element is an unknown function. The manipulation results in unrestricted upload. This vulnerability is identified as CVE-2026-28114. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in loopus WP Attractive Donations System Plugin up to 1.25 on WordPress and classified as critical. This impacts an unknown function. Performing a manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-28115. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ThemeREX Dr.Patterson Plugin up to 1.3.2 on WordPress and classified as critical. The impacted element is an unknown function. Such manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is documented as CVE-2026-28120. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in axiomthemes Nirvana Plugin up to 2.6 on WordPress. It has been rated as critical. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2026-28119. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as critical has been identified in axiomthemes Welldone Plugin up to 2.4 on WordPress. This issue affects some unknown processing. Executing a manipulation can lead to improper control of filename for include/require statement in php program ('php remote file inclusion'). The identification of this vulnerability is CVE-2026-28118. The attack may be launched remotely. There is no exploit available.

速修复

速修复

400 ученых пытаются остановить наше цифровое будущее.

A series of drone strikes on Amazon Web Services data center facilities in the United Arab Emirates and Bahrain triggered one of the most severe cloud outages in AWS history, knocking out or degrading more than 109 services across the ME-CENTRAL-1 region beginning March 1, 2026, and leaving thousands of enterprise customers scrambling to migrate […]

The post AWS Middle East (UAE) Region Hit by Drone Strikes, 109 Services Disrupted appeared first on Cyber Security News.

A vulnerability, which was classified as critical, has been found in Huawei HarmonyOS 6.0.0. This issue affects some unknown processing of the component Print Module. Performing a manipulation results in improper access controls. This vulnerability is reported as CVE-2026-24924. The attack requires a local approach. No exploit exists.

The Federal Bureau of Investigation seized the LeakBase cybercrime forum in an international crackdown led by Europol. The Federal Bureau of Investigation seized the LeakBase cybercrime forum (leakbase[.]la), a platform used to trade hacking tools and stolen data. The action formed part of “Operation Leak,” an international effort coordinated by Europol involving authorities from 14 […]

近日，国家信息安全漏洞库（CNNVD）收到关于Langflow 安全漏洞（CNNVD-202602-4530、CVE-2026-27966）情况的报送。

A vulnerability marked as critical has been reported in Membership Plugin up to 3.2.18/3.2.20 on WordPress. Affected by this issue is the function rcp_setup_registration_init of the component POST Parameter Handler. This manipulation of the argument rcp_level causes missing authorization. This vulnerability is tracked as CVE-2026-1321. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in Page and Post Clone Plugin up to 6.3 on WordPress. Affected by this vulnerability is the function content_clone. The manipulation of the argument meta_key results in sql injection. This vulnerability is identified as CVE-2026-2893. The attack can be executed remotely. There is not any exploit available.

Beazley Security has announced its Exposure Management product, which delivers continuous, automated discovery and intelligence-driven exposure notifications to help security teams accelerate risk mitigation in an era where AI-assisted attackers have compressed the time between vulnerability disclosure, weaponization, and exploitation. The product, validated with clients over the past eight months, is the first in an expanding suite of capabilities targeting internal and external exposures, third-party supplier risks, and leaked credentials that may be available on … More →

The post Beazley Exposure Management platform identifies external exposures and prioritizes cyber risk appeared first on Help Net Security.

Иран привыкает к цифровому средневековью.

Cisco has released a critical security advisory warning of a severe vulnerability in its Secure Firewall Management Center (FMC) Software. This flaw allows an unauthenticated, remote attacker to bypass authentication and execute script files, thereby gaining full root access to the underlying operating system. The vulnerability, tracked as CVE-2026-20079, stems from an improper system process […]

The post Cisco Secure Firewall Management Vulnerability Allow Attackers to Bypass Authentication appeared first on Cyber Security News.

活动时间：2026年3月09日 10点 - 3月18日 18点