Aggregator

Submit #803548 / VDB-360529

Combined Platform Spans Dependencies, Extensions, Developer Tools
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.

Bipartisan Deal Funds DHS Components After Record 75-Day Shutdown
The House passed a bipartisan bill funding the Department of Homeland Security, ending a 75-day shutdown that forced the Cybersecurity and Infrastructure Security Agency into a reactive posture and disrupted preventive cyber operations, even as workforce losses and proposed cuts threaten long-term resilience.

Tightening Budgets and AI-Enabled Attacks Stretch State Cyber Defenses
State CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.

Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw
This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution.

五月繁花盛放，劳动荣光闪耀✨。 值此五一国际劳动节来临之际，向T00ls的每一位朋友致以最诚挚的节日祝福🎉！ 感谢大家在各自岗位上的坚守与付出，也感谢一路以来在论坛中的交流、分享与支持🤝。 每一份努力都值得被看见，每一次奋斗都在成就更好的未来💪。 愿大家在这个属于劳动者的节日里，收获轻松与喜悦，积蓄前行的力量🌈。 祝论坛的朋友们五一劳动节快乐，工作顺利，生活美满，所行皆坦途，所愿皆可期🌹！

A vulnerability classified as problematic has been found in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is uniquely identified as CVE-2026-7581. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is recommended to upgrade the affected component.

Submit #801529 / VDB-360528

Hassan Ud-Deen |Friday, 1 May 2026

Власти ограничили поставки техники со спутниковой связью, и теперь рынок гадает, затронет ли мера обычные телефоны Apple, Google и Samsung.

A vulnerability described as problematic has been identified in Solid Plugin on WordPress. Affected by this issue is some unknown functionality of the component Parameter Handler. Executing a manipulation of the argument url can lead to cross site scripting. This vulnerability is handled as CVE-2024-13362. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Post Slider and Post Carousel with Post Vertical Scrolling Widget Plugin on WordPress. Affected by this vulnerability is an unknown functionality of the component Parameter Handler. Performing a manipulation of the argument url results in cross site scripting. This vulnerability is known as CVE-2024-13362. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Logo Showcase Plugin on WordPress. Affected is an unknown function of the component Parameter Handler. Such manipulation of the argument url leads to cross site scripting. This vulnerability is traded as CVE-2024-13362. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in AidWP Plugin on WordPress. This impacts an unknown function of the component Parameter Handler. This manipulation of the argument url causes cross site scripting. This vulnerability appears as CVE-2024-13362. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in Mixed Media Gallery Blocks Plugin on WordPress. It has been rated as problematic. The impacted element is an unknown function of the component Parameter Handler. The manipulation of the argument url leads to cross site scripting. This vulnerability is documented as CVE-2024-13362. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in BlockSpare Plugin on WordPress. This affects an unknown function of the component Parameter Handler. The manipulation of the argument url results in cross site scripting. This vulnerability is reported as CVE-2024-13362. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Advanced Classifieds & Directory Pro Plugin on WordPress. It has been declared as problematic. The affected element is an unknown function of the component Parameter Handler. Executing a manipulation of the argument url can lead to cross site scripting. This vulnerability is registered as CVE-2024-13362. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.