Aggregator

A vulnerability, which was classified as problematic, was found in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. This vulnerability is referenced as CVE-2026-5319. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in vanna-ai vanna up to 2.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. This vulnerability is identified as CVE-2026-5320. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in vanna-ai vanna up to 2.0.2 and classified as critical. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. This vulnerability is tracked as CVE-2026-5321. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

WhatsApp blocked a fake app by Italian firm SIO/Asigint that targeted 200 users with spyware, urging them to reinstall the official app. WhatsApp has recently uncovered a malicious fake version of its app that targeted roughly 200 users, most of whom are in Italy. The platform confirmed that the unofficial client contained spyware and was […]

The architectural frailty within Citrix networking apparatuses, which until recently was characterized merely as a latent peril, is

The post The New CitrixBleed: Critical CVE-2026-3055 Under Active Attack to Hijack Admin Sessions appeared first on Penetration Testing Tools.

A computational architecture may fall under alien subjugation due to a ubiquitous utility pre-installed “from the factory.” A

The post Critical 9.2 Flaw in Gigabyte Control Center Grants Remote Access appeared first on Penetration Testing Tools.

A vulnerability was found in Spam Protect for Contact Form 7 Plugin up to 1.2.9 on WordPress. It has been rated as critical. The impacted element is an unknown function. This manipulation causes code injection. This vulnerability appears as CVE-2026-1540. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Питерский оператор включил расходы на ТСПУ для блокировки сайтов в структуру тарифов.

开发 LibreOffice 项目的基金会 The Document Foundation 与其主要商业合作伙伴 Collabora 之间的紧张关系在加剧：基金会取消了 Collabora 员工的会员资格，而这些员工是项目的核心开发者。LibreOffice 项目可能像它的前身 OpenOffice 那样面临分裂。The Document Foundation 官方博客称，最近批准的社区规章（Community Bylaws）要求移除与基金会存在法律纠纷的企业的员工的会员资格，原因是存在利益冲突，它希望避免进一步争论谁应该承担责任。基金会表示它在雇佣开发者，称其收到的捐款在增加。

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security

Чем опасен DarkSword и почему iOS 18.7.7 нужно ставить сейчас

苹果最近下架了多款 Vibe Coding 应用，包括 Replit、Vibecode 和 Anything。Vibe Coding 应用允许没有多少编程知识的用户利用大模型生成应用，如果顺利的话可以直接在手机上生成应用而无需通过计算机输入任何代码。苹果认为这些应用违反了它的应用商店指南 2.5.2 条款：“App 应自包含在自己的套装中，不得在指定容器范围外读取或写入数据，也不得下载、安装或执行会引入或更改 App 特性或功能的代码，包括其他 App。”

4月2日资讯导视中国国家知识产权局（CNIPA）今日发布OpenClaw风险警示，指出其默认安全配置薄弱，使用

ByteSRC反爬专测重磅开启！

Кажется, эпоха громких триумфов и раздутых рекордов окончательно подошла к концу.

A vulnerability was found in inc2734 MW WP Form Plugin up to 5.1.0 on WordPress. It has been declared as critical. The affected element is the function generate_user_filepath/move_temp_file_to_upload_dir of the component Path Validation Handler. The manipulation of the argument file upload results in path traversal. This vulnerability is reported as CVE-2026-4347. The attack can be launched remotely. No exploit exists.

Юридический триллер в мире европейского софта.

此类“以网管网”的机制必须建立算法透明度，防止AI在审核过程中因模型偏差误伤合法合规的平台商户。

泛联新安代码钟馗：新一代AI应用安全智能体，守护代码安全。

Bank Negara Malaysia’s updated RMiT framework introduces stricter authentication rules for banks and fintech apps. Learn how passkeys, adaptive MFA, device binding, and risk-based authentication help meet compliance.

The post Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech and Banks appeared first on Security Boulevard.