JVN: ZLAN製ZLAN5143Dにおける複数の重要な機能に対する認証の欠如の脆弱性
ZLANが提供するZLAN5143Dには、複数の重要な機能に対する認証の欠如の脆弱性が存在します。
Aggregator
JVN: 複数のAVEVA製品における複数の脆弱性
3 months ago
AVEVAが提供する複数の製品には、複数の脆弱性が存在します。
Threat Actors Leveraging Employee Monitoring and SimpleHelp Tools to Deploy Ransomware Attacks
3 months ago
Cybercriminals are increasingly using valid administrative software to launch attacks, making their malicious activities much harder to spot. Instead of relying solely on custom computer viruses, these actors abuse legitimate workforce monitoring tools to hide inside business networks. By utilizing software designed for tracking employee productivity, they can control systems and steal sensitive data without […]
The post Threat Actors Leveraging Employee Monitoring and SimpleHelp Tools to Deploy Ransomware Attacks appeared first on Cyber Security News.
Tushar Subhra Dutta
俄罗斯屏蔽 WhatsApp
3 months ago
Meta 旗下的 WhatsApp 透露,俄罗斯正尝试全面屏蔽该消息应用。WhatsApp 以及 Telegram 都是俄罗斯最受欢迎的消息应用,用户数超过一亿。俄罗斯官方塔斯社(Tass Media)早些时候报道,俄罗斯预计在 2026 年永久封禁 WhatsApp。俄罗斯已将 WhatsApp 母公司 Meta 认定为极端组织,官员表示屏蔽 WhatsApp 是绝对正当的。俄罗斯正在努力推广本土消息应用 Max,该应用被誉为俄罗斯的微信,它组合了即时通讯和政府服务,但没有加密功能。
OpenClaw Scanner: Open-source tool detects autonomous AI agents
3 months ago
A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate environments. The OpenClaw Scanner identifies instances of OpenClaw, an autonomous AI assistant also known as MoltBot, that can execute tasks, access local files, and authenticate to internal systems without centralized oversight. OpenClaw gained usage in the past few months as an AI agent capable of performing actions on behalf of users. The software can run … More →
The post OpenClaw Scanner: Open-source tool detects autonomous AI agents appeared first on Help Net Security.
Mirko Zorz
诚邀渠道合作伙伴共启新征程
3 months ago
2026-02微软漏洞通告
3 months ago
2026-02微软漏洞通告
黑吃黑:银狐组织疑似定向投毒黑灰产群体!
3 months ago
黑吃黑:银狐组织疑似定向投毒黑灰产群体!
Смерть «барьера сортировки». Как новый алгоритм победил теорию, которая правила интернетом последние 60 лет
3 months ago
Математики предложили альтернативу методу Дейкстры для графов сверхбольшой размерности.
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass
3 months ago
Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit […]
Pierluigi Paganini
CVE-2025-14892 | Prime Listing Manager Plugin up to 1.1 on WordPress privileges management
3 months ago
A vulnerability classified as critical was found in Prime Listing Manager Plugin up to 1.1 on WordPress. The affected element is an unknown function. Such manipulation leads to improper privilege management.
This vulnerability is listed as CVE-2025-14892. The attack may be performed from remote. There is no available exploit.
vuldb.com
INC
3 months ago
You must login to view this content
cohenido
INC
3 months ago
You must login to view this content
cohenido
CVE-2026-2369 | GNOME libsoup soup-content-sniffer.c sniff_unknown integer underflow
3 months ago
A vulnerability classified as critical has been found in GNOME libsoup. Impacted is the function sniff_unknown of the file libsoup/soup-content-sniffer.c. This manipulation causes integer underflow.
This vulnerability is tracked as CVE-2026-2369. The attack is only possible within the local network. No exploit exists.
vuldb.com
INC
3 months ago
You must login to view this content
cohenido
CVE-2026-2366 | Red Hat Keycloak 26.5.1 Admin API authorization
3 months ago
A vulnerability described as problematic has been identified in Red Hat Keycloak 26.5.1. This issue affects some unknown processing of the component Admin API. The manipulation results in authorization bypass.
This vulnerability is identified as CVE-2026-2366. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-1104 | FastDup Plugin up to 2.7.1 on WordPress REST API Endpoint authorization
3 months ago
A vulnerability marked as critical has been reported in FastDup Plugin up to 2.7.1 on WordPress. This vulnerability affects unknown code of the component REST API Endpoint. The manipulation leads to missing authorization.
This vulnerability is referenced as CVE-2026-1104. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-1320 | Ays Pro Secure Copy Content Protection and Content Locking Plugin Header cross site scripting
3 months ago
A vulnerability labeled as problematic has been found in Ays Pro Secure Copy Content Protection and Content Locking Plugin up to 4.9.8 on WordPress. This affects an unknown part of the component Header Handler. Executing a manipulation of the argument X-Forwarded-For can lead to cross site scripting.
The identification of this vulnerability is CVE-2026-1320. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-1316 | Customer Reviews for WooCommerce Plugin up to 5.97.0 on WordPress media[].href cross site scripting
3 months ago
A vulnerability identified as problematic has been detected in Customer Reviews for WooCommerce Plugin up to 5.97.0 on WordPress. Affected by this issue is some unknown functionality. Performing a manipulation of the argument media[].href results in cross site scripting.
This vulnerability was named CVE-2026-1316. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-1356 | Converter for Media Plugin up to 6.5.1 on WordPress load_image_source src server-side request forgery
3 months ago
A vulnerability categorized as critical has been discovered in Converter for Media Plugin up to 6.5.1 on WordPress. Affected by this vulnerability is the function PassthruLoader::load_image_source. Such manipulation of the argument src leads to server-side request forgery.
This vulnerability is uniquely identified as CVE-2026-1356. The attack can be launched remotely. No exploit exists.
vuldb.com