Aggregator

A vulnerability has been found in MisterTea Eternal Terminal up to 6.1.x and classified as problematic. Impacted is an unknown function of the component IPC Socket Handler. Performing a manipulation results in race condition. This vulnerability is known as CVE-2022-24951. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Adversaries commenced the exploitation of a critical vulnerability within Weaver E-cology a mere few days following the release

The post The Five-Day Race: Hackers Weaponize Critical Weaver E-cology RCE via Exposed Debugging API appeared first on Penetration Testing Tools.

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the "/papi/esearch/data/devops/

A seemingly innocuous file transmitted via a support chat escalated into a significant crisis for DigiCert. An adversary

The post The Support Chat Trap: How a “Customer Screenshot” Led to a Critical Code-Signing Breach at DigiCert appeared first on Penetration Testing Tools.

A vulnerability labeled as problematic has been found in foux Publish 2 Ping.fm Plugin up to 1.1 on WordPress. Affected by this issue is some unknown functionality of the file /wp-admin/options-general.php?page=admin.php of the component Setting Handler. The manipulation results in cross-site request forgery. This vulnerability was named CVE-2026-6702. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in bitacre WP-Clippy Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This affects the function clippy of the component Shortcode Handler. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-5505. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in sszdh Simple Owl Shortcodes Plugin up to 2.1.1 on WordPress. It has been rated as problematic. This impacts the function owls_wrapper of the component Shortcode Handler. Performing a manipulation of the argument num results in cross site scripting. This vulnerability is known as CVE-2026-6255. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Oracle MCP Server Helper Tool up to 1.0.156. Affected by this vulnerability is an unknown functionality. This manipulation causes privilege escalation. This vulnerability is registered as CVE-2026-35228. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in timwhitlock Loco Translate Plugin up to 2.8.2 on WordPress. Affected by this issue is the function findSourceFile. Such manipulation leads to path traversal. This vulnerability is documented as CVE-2026-1921. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in phpsandeepkumar Blog Settings Plugin up to 1.0 on WordPress. This affects an unknown part of the component Setting Handler. This manipulation of the argument page causes cross site scripting. The identification of this vulnerability is CVE-2026-6704. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ahmadgb GeekyBot Plugin up to 1.2.0 on WordPress. It has been rated as critical. The affected element is an unknown function. This manipulation of the argument attributekey causes sql injection. This vulnerability is handled as CVE-2026-3456. The attack can be initiated remotely. There is not any exploit available.

Новые фиды доступны пользователям PT Fusion и могут применяться при расследовании инцидентов.

In an ironic twist of fate, hackers attempted to coerce the architects of Grand Theft Auto, only to

The post The Billion-Dollar Blunder: How Hackers Inadvertently Sent Rockstar Games Stock Soaring with GTA Revenue Leaks appeared first on Penetration Testing Tools.

Google has published the May 2026 Android Security Bulletin, alerting the ecosystem to a highly severe remote code execution (RCE) flaw. Tracked as CVE-2026-0073, this critical vulnerability resides deep within the core Android System component. It allows an attacker to gain remote shell access without requiring a single tap, download, or click from the device […]

The post Critical Android Zero-Click Vulnerability Grants Remote Shell Access appeared first on Cyber Security News.

The Wasabi Protocol was divested of millions of dollars within mere minutes, a catastrophe precipitated not by a

The post Zero Delay, Total Loss: How a Compromised Key and a Disabled Timelock Cost Wasabi Protocol $5 Million appeared first on Penetration Testing Tools.

GnuTLS 12漏洞CVE-2026-33846|Sentry SSO CVSS9.1|FreeBSD dhclient RCE|Apache MINA反序列化|Qinglong活跃利用

A vulnerability has been found in PaperCut Hive up to 2.1.x and classified as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in sensitive information in log files. This vulnerability is cataloged as CVE-2026-7824. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in PaperCut NG and MF up to 25.0.10. Affected is an unknown function of the component Account Synchronization Component. Such manipulation leads to absolute path traversal. This vulnerability is listed as CVE-2026-6418. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Saleswonder WebinarIgnition Plugin up to 4.08.253 on WordPress. This impacts an unknown function. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-40797. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in PaperCut NG and MF up to 24.1.8/25.0.9. This affects an unknown function. The manipulation results in time-of-check time-of-use. This vulnerability is identified as CVE-2026-6180. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.