Aggregator

CVE-2026-6261 | MuffinGroup Betheme Plugin up to 28.4 on WordPress ZIP File upload_icons unrestricted upload

VulDB Recent Entries
1 week 4 days ago
A vulnerability, which was classified as critical, has been found in MuffinGroup Betheme Plugin up to 28.4 on WordPress. This issue affects the function upload_icons of the component ZIP File Handler. The manipulation leads to unrestricted upload. This vulnerability is referenced as CVE-2026-6261. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2026-42435 | OpenClaw up to 2026.4.11 Environment Variable incomplete blacklist

VulDB Recent Entries
1 week 4 days ago
A vulnerability described as critical has been identified in OpenClaw up to 2026.4.11. Affected by this issue is some unknown functionality of the component Environment Variable Handler. Such manipulation leads to incomplete blacklist. This vulnerability is uniquely identified as CVE-2026-42435. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2023-54348 | Rajodiya ERPGo SaaS 3.9 CSV File vendor name csv injection (Exploit 51220)

VulDB Recent Entries
1 week 4 days ago
A vulnerability marked as critical has been reported in Rajodiya ERPGo SaaS 3.9. Affected by this vulnerability is an unknown functionality of the component CSV File Handler. This manipulation of the argument vendor name causes csv injection. This vulnerability is handled as CVE-2023-54348. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2023-54347 | OpenEMR 7.0.1 Main Login Endpoint authUser/clearPass excessive authentication (Exploit 51413)

VulDB Recent Entries
1 week 4 days ago
A vulnerability categorized as problematic has been discovered in OpenEMR 7.0.1. This affects an unknown function of the component Main Login Endpoint. Executing a manipulation of the argument authUser/clearPass can lead to improper restriction of excessive authentication attempts. This vulnerability appears as CVE-2023-54347. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2023-54344 | Eclipse equinox OSGi up to 3.7.2 Console Interface missing authentication (Exploit 51879)

VulDB Recent Entries
1 week 4 days ago
A vulnerability was found in Eclipse equinox OSGi up to 3.7.2. It has been rated as critical. The impacted element is an unknown function of the component Console Interface. Performing a manipulation results in missing authentication. This vulnerability is reported as CVE-2023-54344. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2023-54342 | Eclipse equinox OSGi up to 3.18 Console Interface missing authentication (Exploit 51878)

VulDB Recent Entries
1 week 4 days ago
A vulnerability was found in Eclipse equinox OSGi up to 3.18. It has been declared as critical. The affected element is an unknown function of the component Console Interface. Such manipulation leads to missing authentication. This vulnerability is documented as CVE-2023-54342. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2023-54346 | Backupbliss WordPress Plugin Backup Migration 1.2.8 on WordPress Configuration File file information disclosure (Exploit 51445)

VulDB Recent Entries
1 week 4 days ago
A vulnerability was found in Backupbliss WordPress Plugin Backup Migration 1.2.8 on WordPress. It has been classified as problematic. Impacted is an unknown function of the component Configuration File Handler. This manipulation causes file and directory information exposure. This vulnerability is registered as CVE-2023-54346. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2023-54345 | Frappe ERPNext 13.4.0 call /app/server-script gi_frame code injection (Exploit 51580)

VulDB Recent Entries
1 week 4 days ago
A vulnerability was found in Frappe ERPNext 13.4.0 and classified as critical. This issue affects some unknown processing of the file /app/server-script of the component call Handler. The manipulation of the argument gi_frame results in code injection. This vulnerability is cataloged as CVE-2023-54345. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

The Hackers News
1 week 4 days ago
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don't see it. Your MFA doesn't stop it. And when an attacker gets hold of one, they don't need a password. OAuth
The Hacker News

How the Story of a USB Penetration Test Went Viral

darkreading
1 week 4 days ago
Two decades ago, pen tester Steve Stasiukonis caused a sensation by sprinkling rigged thumb drives around a credit union parking lot and following what curious employees did next. This episode looks back at the history-making event.
Dark Reading Editorial Team

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

The Hackers News
1 week 4 days ago
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. "MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code
The Hacker News

VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers

Help Net Security
1 week 4 days ago

VIAVI Solutions has announced the launch of its next-generation CyberFlood CF1000 Appliance, a native 400G security and application performance test platform for the validation of multi-terabit security and AI data center infrastructures at scale. Developed for network equipment vendors, hyperscale data center operators and service providers, the CyberFlood CF1000 enables OSI Layer 4-7 validation of critical infrastructure under real-world encrypted and dynamic mixed traffic conditions including Next-Generation Firewalls (NGFWs), Application Delivery Controllers (ADCs), DDoS mitigation … More →

The post VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers appeared first on Help Net Security.

Industry News

Managed ad