Aggregator

A vulnerability categorized as problematic has been discovered in StellarWP Image Widget Plugin up to 4.4.11 on WordPress. Affected by this issue is some unknown functionality. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2026-42643. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Dmitry V. Barcode Scanner with Inventory & Order Manager Plugin up to 1.11.0 on WordPress. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-42645. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ILLID Share This Image Plugin up to 2.14 on WordPress. It has been declared as critical. Affected is an unknown function. Such manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2026-42641. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Steve Burge TaxoPress Plugin up to 3.44.0 on WordPress. It has been classified as critical. This impacts an unknown function. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-42646. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in StellarWP GiveWP Plugin up to 4.14.5 on WordPress and classified as problematic. This affects an unknown function. The manipulation results in missing authorization. This vulnerability is identified as CVE-2026-42642. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in WPDeveloper BetterDocs Plugin up to 4.3.10 on WordPress and classified as critical. The impacted element is an unknown function. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is referenced as CVE-2026-42644. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, was found in Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6. The affected element is an unknown function of the component Multipart Request Handler. Executing a manipulation can lead to resource consumption. The identification of this vulnerability is CVE-2026-22740. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Brainstorm Force Spectra Plugin up to 2.19.22 on WordPress. Impacted is an unknown function. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-42648. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2026-7400. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is advised.

Submit #803525 / VDB-360133

A vulnerability identified as problematic has been detected in CDAC-Noida e-Sushrut Hospital Management Information System. The impacted element is an unknown function of the component API Request Handler. This manipulation causes authorization bypass. This vulnerability appears as CVE-2026-42515. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, has been found in CDAC-Noida e-Sushrut Hospital Management Information System. This affects an unknown part. This manipulation of the argument encoded causes authorization bypass. The identification of this vulnerability is CVE-2026-42516. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Complianz Plugin up to 7.4.5 on WordPress. Affected by this vulnerability is the function cmplz_rest_consented_content of the component REST API Endpoint. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-4019. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in CDAC-Noida e-Sushrut Hospital Management Information System. Affected by this issue is some unknown functionality. The manipulation results in use of hard-coded cryptographic key . This vulnerability was named CVE-2026-42518. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as problematic, was found in CDAC-Noida e-Sushrut Hospital Management Information System. This vulnerability affects unknown code of the component Base64 Encoding Handler. Such manipulation leads to authorization bypass. This vulnerability is referenced as CVE-2026-42517. It is possible to launch the attack remotely. No exploit is available.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Microsoft Windows. On April 28, 2026, the agency officially added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability impacts the Microsoft Windows Shell and is actively being exploited in real-world attacks. Organizations worldwide […]

The post CISA Warns Microsoft Windows Shell 0-click Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Submit #803495 / VDB-360123

Раньше кукла говорила «мама», теперь цитирует DeepSeek.

A critical, currently unpatched remote code execution (RCE) vulnerability has been disclosed in LeRobot, Hugging Face’s popular open-source machine learning framework for real-world robotics. Tracked as CVE-2026-25874 with a critical CVSS score of 9.3, the flaw allows unauthenticated attackers to execute arbitrary system commands on vulnerable host machines. With nearly 24,000 stars on GitHub, this […]

The post Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks appeared first on Cyber Security News.