Aggregator

A vulnerability labeled as critical has been found in Automattic Jetpack. Affected by this issue is some unknown functionality. Such manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2014-0173. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in FitNesse Wiki 20131110/20140201. This affects an unknown part. Performing a manipulation of the argument pageContent results in command injection. This vulnerability was named CVE-2014-1216. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in vTiger CRM 6.0.0. This vulnerability affects unknown code. Executing a manipulation can lead to improper input validation. The identification of this vulnerability is CVE-2014-2269. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according to the F-Secure Scam Intelligence & Impacts Report 2026. Most common channels for scam attempts (Source: F-Secure) The United States recorded the highest exposure levels among surveyed markets. Younger consumers reported higher scam activity … More →

The post The scam economy has found its AI upgrade appeared first on Help Net Security.

Currently trending CVE - Hype Score: 1 - Bio.Entrez in Biopython through 186 allows doctype XXE.

Currently trending CVE - Hype Score: 1 - Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the ...

Чтобы украсть чужие секреты, теперь не требуется даже пароль.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. At the end of April, attackers rapidly exploited the critical […]

A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. [...]

OpenAI придумала, как продать пентест корпорациям.

4月│月报 谛听工控安全月报上线了，工信部的最新政策，4月发生的多起工控安全事件，谛听团队收集的最新攻击教据......更多安全资讯，请关注“谛听ditecting",每月更新!

ShinyHunters gets away with emails and other data on 200,000 Zara customers

A vulnerability was found in PHP up to 8.4.20/8.5.5. It has been classified as critical. The impacted element is the function mb_convert_encoding/mb_detect_encoding/mb_convert_variables/mb_detect_order. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2026-6104. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. It has been declared as critical. This affects the function strncat of the component PDO Firebird Driver. Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2025-14179. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. This affects an unknown part of the component SOAP Extension. This manipulation causes use after free. This vulnerability is registered as CVE-2026-6722. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. This issue affects some unknown processing of the component SOAP Request Handler. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2026-7261. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Lexbor up to 2.6.x. This impacts an unknown function. Such manipulation of the argument qualified_name leads to type confusion. This vulnerability is listed as CVE-2026-29079. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. Affected by this issue is some unknown functionality. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-6735. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. It has been rated as problematic. This impacts the function mb_regex_encoding. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2026-7259. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in PHP up to 8.4.20/8.5.5. Affected by this vulnerability is the function DOMNode::C14N. The manipulation leads to denial of service. This vulnerability is listed as CVE-2026-7263. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.