Aggregator

A vulnerability was found in Beaver Builder Page Builder Plugin up to 2.10.0.5 on WordPress. It has been rated as problematic. Affected by this vulnerability is the function save_global_settings. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-1231. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in SlimStat Analytics Plugin up to 5.3.1 on WordPress. It has been declared as critical. Affected is an unknown function. Executing a manipulation of the argument args can lead to sql injection. This vulnerability is registered as CVE-2025-13431. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Gallery by FooGallery Plugin up to 3.1.9 on WordPress. It has been classified as problematic. This impacts the function ajax_get_gallery_info. Performing a manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-15524. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Lucky Wheel Giveaway Plugin up to 1.0.22 on WordPress and classified as critical. This affects an unknown function. Such manipulation of the argument conditional_tags leads to privilege escalation. This vulnerability is listed as CVE-2025-14541. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as critical has been detected in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This manipulation of the argument expenses_id causes sql injection. The identification of this vulnerability is CVE-2026-2115. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.php. The manipulation of the argument admin_id results in sql injection. This vulnerability was named CVE-2026-2114. The attack may be performed from remote. In addition, an exploit is available.

本文提出了CEAM方法对齐非连续性的多漏洞数据源的信息。CEAM方法针对传统实体对齐方法在适应不同知识图谱的结构差异，传统GNN假设在跨平台漏洞数据中不成立等问题，提出了非对称掩码聚合方法和分区注意力机制。

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may

Теперь мерзнуть вместо нас будут железяки.

System Center Configuration Manager (SCCM) 作为企业级内网的“总调度站”，其强大的自动化运维能力在安全视角下是一把双刃剑。一旦攻击者通过渗透手段介入 SCCM 控制链，其攻击面将覆盖从单一终端到整个域环境的资产

Ivan 所在的油轮去年 11 月运载 75 万桶俄罗斯原油从远东前往中国，国际运输工人联盟(International Transport Workers' Federation，ITF) 在得知船员已经几个月没有拿到工资后于 12 月宣布油轮废弃。这艘油轮目前停留在国际水域，由于受到多方密切关注中国不允许其靠岸。ITF 已经帮助 Ivan 和其他船员拿到了 12 月的工资，运送了食物、饮用水和其它生活必需品。部分船员已经回国，包括 Ivan 在内的大部分船员仍然滞留在船上。根据 ITF 的统计，2016 年全球共有 20 艘船遗弃。但到 2025 年这一数字飙升至 410 艘，6223 名商船海员沦为受害者。这两个数字比 2024 年增长了近三分之一。油轮遗弃的主要原因是地缘政治不稳定。类似 Ivan 被困的油轮，大部分船东身份不明、船龄老旧、可能没有保险，在监管不严的国家如巴拿马、利比里亚和马绍尔群岛注册。冈比亚在 2023 年没有任何油轮，但到了 2025 年 3 月，该国注册的油轮达到了 35 艘。根据国际海事组织（IMO）的指导方针，如果海员至少两个月合同工资未支付，就构成了遗弃。2025 年因油轮遗弃印度籍海员受影响人数最多有 1125 人，占总数的 18%。菲律宾（539人）和叙利亚（309人）位列第二和第三。

Threat hunting is widely recognized as one of the most important capabilities of a mature SOC. It uncovers stealthy attackers early, reduces dwell time, and prevents security incidents from impacting the business. Yet, in practice, many organizations find that their threat hunting efforts don’t consistently deliver these outcomes.  Let’s take a look at how high-performing security teams make threat hunting more repeatable, measurable, and effective.  Why Threat Hunting Programs Often Fail Before They Start  […]

The post How to Build Threat Hunting that Defends Your Organization Against Real Attacks appeared first on ANY.RUN's Cybersecurity Blog.

Currently trending CVE - Hype Score: 15 - Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and ...

Microsoft wants to introduce smartphone-style app permission prompts in Windows 11 to request user consent before apps can access sensitive resources such as files, cameras, and microphones. [...]

This article examines the widespread collection of personal data and the legal challenges individuals face from third-party subpoenas. It discusses key court rulings on government access to personal information and highlights the complexities of data privacy in the digital age.

The post How the Supreme Court’s “Third Party” Subpoena Doctrine Empowers Governments to Seize Sensitive Information Without Your Knowledge appeared first on Security Boulevard.

A vulnerability identified as critical has been detected in Node.js up to 25.2.1. This affects an unknown part of the component Unix Domain Socket Handler. The manipulation leads to permission issues. This vulnerability is listed as CVE-2026-21636. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in Node.js. Impacted is an unknown function. Performing a manipulation results in uninitialized pointer. This vulnerability is known as CVE-2025-55131. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Node.js. The affected element is an unknown function. Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2025-59465. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Node.js up to 20.19.6/22.21.1/24.12.0/25.2.1. Affected by this issue is the function futimes. Executing a manipulation can lead to permission issues. This vulnerability is tracked as CVE-2025-55132. The attack can be launched remotely. No exploit exists.

A vulnerability labeled as problematic has been found in Node.js up to 25.2.1. This vulnerability affects the function async_hooks.createHook. The manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-59466. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.