Aggregator

A vulnerability was found in Tungsten Automation Kofax Capture 6.0.0.0. It has been classified as critical. This affects an unknown function of the component Ascent Capture Service. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-23751. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Navneil Naicker ACF Galerie 4 Plugin up to 1.4.2 on WordPress. This affects an unknown function. The manipulation results in missing authorization. This vulnerability is identified as CVE-2025-62104. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical was found in SocialEngine up to 7.8.0. This vulnerability affects unknown code of the file /activity/index/get-memberall. The manipulation of the argument text results in sql injection. This vulnerability is reported as CVE-2026-41460. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in CODESYS EtherNetIP 4.1.0.0. This issue affects some unknown processing of the component TCP Connection Handler. This manipulation causes improper check for unusual conditions. This vulnerability appears as CVE-2026-35225. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in SocialEngine up to 7.8.0. Impacted is an unknown function of the file /core/link/preview of the component Request Parameter Handler. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-41461. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Yadea T5 Electric Bicycles and classified as critical. The affected element is an unknown function of the component Keyless Entry System. Performing a manipulation results in authentication bypass by capture-replay. This vulnerability is known as CVE-2025-70994. Access to the local network is required for this attack. No exploit is available.

A vulnerability classified as problematic was found in Microsoft ASP.NET Core up to 10.0.6. The impacted element is an unknown function. The manipulation results in improper verification of cryptographic signature. This vulnerability is identified as CVE-2026-40372. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in pipecat-ai pipecat up to 0.0.93 and classified as critical. The impacted element is the function deserialize of the file src/pipecat/serializers/livekit.py of the component Pickle Handler. Executing a manipulation can lead to deserialization. This vulnerability is handled as CVE-2025-62373. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]

Poisoned packages and pipeline perils in this month's edition of Intelligence Insights.

The group, which researchers at cybersecurity firm ESET named GopherWhisper, has been active since at least November 2023 and was discovered in January 2025 after investigators found a previously unknown backdoor on the network of a Mongolian government institution.

一张看似普通的图片、一段正常播放的音频，背后竟能藏下机密信息？

Ностальгия по древним системам переходит в боевой режим.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability has been found in Yadea T5 Electric Bicycles and classified as critical. The affected element is an unknown function of the component Keyless Entry System. Performing a manipulation results in authentication bypass by capture-replay. This vulnerability is known as CVE-2025-70994. Access to the local network is required for this attack. No exploit is available.

A vulnerability, which was classified as critical, was found in SocialEngine up to 7.8.0. Impacted is an unknown function of the file /core/link/preview of the component Request Parameter Handler. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-41461. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in CODESYS EtherNetIP 4.1.0.0. This issue affects some unknown processing of the component TCP Connection Handler. This manipulation causes improper check for unusual conditions. This vulnerability appears as CVE-2026-35225. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in SocialEngine up to 7.8.0. This vulnerability affects unknown code of the file /activity/index/get-memberall. The manipulation of the argument text results in sql injection. This vulnerability is reported as CVE-2026-41460. The attack can be launched remotely. No exploit exists.