Aggregator

CVE-2026-2593 | Greenshift Plugin up to 12.8.5 on WordPress Block Attribute _gspb_post_css cross site scripting (EUVD-2026-9887)

Vuldb Updates
2 weeks 3 days ago
A vulnerability was found in Greenshift Plugin up to 12.8.5 on WordPress and classified as problematic. This affects the function _gspb_post_css of the component Block Attribute Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-2593. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2026-29613 | OpenClaw up to 2026.2.11 BlueBubbles missing authentication (GHSA-xc7w-v5x6-cc87)

Vuldb Updates
2 weeks 3 days ago
A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.2.11. Affected by this issue is some unknown functionality of the component BlueBubbles. Executing a manipulation can lead to missing authentication. This vulnerability is tracked as CVE-2026-29613. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2026-29609 | OpenClaw up to 2026.2.13 fetchWithGuard allocation of resources (GHSA-j27p-hq53-9wgc)

Vuldb Updates
2 weeks 3 days ago
A vulnerability was found in OpenClaw up to 2026.2.13 and classified as problematic. This vulnerability affects the function fetchWithGuard. The manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2026-29609. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-29611 | OpenClaw up to 2026.2.13 /etc/passwd sendBlueBubblesMedia mediaPath file inclusion (GHSA-rwj8-p9vq-25gv)

Vuldb Updates
2 weeks 3 days ago
A vulnerability was found in OpenClaw up to 2026.2.13 and classified as problematic. This impacts the function sendBlueBubblesMedia of the file /etc/passwd. Executing a manipulation of the argument mediaPath can lead to file inclusion. This vulnerability is tracked as CVE-2026-29611. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-29610 | OpenClaw up to 2026.2.13 Environment Variable uncontrolled search path (GHSA-jqpq-mgvm-f9r6)

Vuldb Updates
2 weeks 3 days ago
A vulnerability was found in OpenClaw up to 2026.2.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Environment Variable Handler. This manipulation causes uncontrolled search path. This vulnerability is registered as CVE-2026-29610. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-3606 | Ettercap 0.8.4-Garofalo etterfilter ef_output.c add_data_segment out-of-bounds (Issue 1297 / EUVD-2026-9938)

Vuldb Updates
2 weeks 3 days ago
A vulnerability, which was classified as problematic, has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2026-3606. Local access is required to approach this attack. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-3385 | wren-lang wren up to 0.4.0 src/vm/wren_compiler.c resolveLocal recursion (Issue 1218 / EUVD-2026-9120)

Vuldb Updates
2 weeks 3 days ago
A vulnerability was found in wren-lang wren up to 0.4.0. It has been declared as problematic. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. This vulnerability is known as CVE-2026-3385. Attacking locally is a requirement. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Messenger can warn you about sketchy links without knowing what you clicked

Help Net Security
2 weeks 3 days ago

Meta’s Advanced browsing protection (ABP) helps Messenger identify and warn users about potentially harmful websites they open from a chat. Malicious sites can try to steal passwords, collect personal information, or install malware. Advanced browsing protection (Source: Meta) “In its standard setting, Safe Browsing uses on-device models to analyze malicious links shared in chats. But we’ve extended this further with an advanced setting called Advanced Browsing Protection (ABP) that leverages a continually updated watchlist of … More →

The post Messenger can warn you about sketchy links without knowing what you clicked appeared first on Help Net Security.

Anamarija Pogorelec

Unity游戏逆向进阶 - IL2CPP逆向技术详解

先知技术社区
2 weeks 3 days ago
随着 Unity 引擎的发展和游戏安全需求的提升,越来越多的 Unity 游戏开始采用 IL2CPP 打包方式。IL2CPP(Intermediate Language to C++)是 Unity 从 2014 年开始引入的一项技术,它将 C# 的中间语言(IL)代码转化为 C++ 代码,然后再编译成机器码,从而大大提高了代码的安全性和运行性能。相比 Mono 打包方式,IL2CPP 打包的游戏

Kali Linux Enhances AI-driven Penetration Testing with Local Ollama, 5ire, and MCP Kali Server

Cyber Security News
2 weeks 3 days ago

The Kali Linux team has published a new entry in its growing LLM-driven security series, this time eliminating all reliance on third-party cloud services by running large language models entirely on local hardware. The guide demonstrates how security professionals can use natural language to drive penetration testing tools, all processed on-premise, with no data leaving […]

The post Kali Linux Enhances AI-driven Penetration Testing with Local Ollama, 5ire, and MCP Kali Server appeared first on Cyber Security News.

Guru Baran

Managed ad