Aggregator

Bitchat  готовится к автономному распространению.

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [

A vulnerability has been found in Forminator Forms Plugin up to 1.50.2 on WordPress and classified as problematic. This impacts an unknown function. The manipulation of the argument form_name leads to cross site scripting. This vulnerability is listed as CVE-2026-2002. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, was found in EventPrime Plugin up to 4.2.8.4 on WordPress. This affects the function ep_upload_file_media of the component AJAX Endpoint. Executing a manipulation can lead to missing authorization. This vulnerability is tracked as CVE-2026-1657. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in Zarinpal Gateway for WooCommerce Plugin up to 5.0.16 on WordPress. The impacted element is the function Return_from_ZarinPal_Gateway of the component Payment Call Handler. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2026-2592. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical was found in Apache NiFi up to 2.7.2. The affected element is an unknown function of the component Component Update Handler. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-25903. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Smoothwall Express 3.1-SP4-polar-x86_64-update9. Impacted is an unknown function of the file iptools.cgi of the component POST Request Handler. This manipulation of the argument IP causes cross site scripting. The identification of this vulnerability is CVE-2019-25392. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as problematic has been identified in Smoothwall Express 3.1-SP4-polar-x86_64-update9. This issue affects some unknown processing of the file interfaces.cgi. The manipulation of the argument GREEN_ADDRESS/GREEN_NETMASK/RED_DHCP_HOSTNAME/RED_ADDRESS/DNS1_OVERRIDE/DNS2_OVERRIDE/RED_MAC/RED_NETMASK/DEFAULT_GATEWAY/DNS1/DNS2 results in cross site scripting. This vulnerability was named CVE-2019-25390. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as problematic has been reported in Smoothwall Express 3.1-SP4-polar-x86_64-update9. This vulnerability affects unknown code of the file timedaccess.cgi. The manipulation of the argument MACHINES leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-25389. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as problematic has been found in Smoothwall Express 3.1-SP4-polar-x86_64-update9. This affects an unknown part of the file outgoing.cgi. Executing a manipulation of the argument MACHINE/MACHINECOMMENT can lead to cross site scripting. This vulnerability is handled as CVE-2019-25385. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in Smoothwall Express 3.1-SP4-polar-x86_64-update9. Affected by this issue is some unknown functionality of the file time.cgi of the component POST Request Handler. Performing a manipulation of the argument NTP_SERVER results in cross site scripting. This vulnerability is known as CVE-2019-25382. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as problematic has been discovered in Smoothwall Express 3.1-SP4-polar-x86_64-update9. Affected by this vulnerability is an unknown functionality of the file preferences.cgi of the component POST Request Handler. Such manipulation of the argument HOSTNAME/KEYMAP/OPENNESS leads to cross site scripting. This vulnerability is traded as CVE-2019-25395. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Smoothwall Express 3.1-SP4-polar-x86_64-update9. It has been rated as problematic. Affected is an unknown function of the file modem.cgi of the component POST Request Handler. This manipulation of the argument INIT/HANGUP/SPEAKER_ON/SPEAKER_OFF/TONE_DIAL/PULSE_DIAL causes cross site scripting. This vulnerability appears as CVE-2019-25394. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Smoothwall Express 3.1-SP4-polar-x86_64-update9. It has been declared as problematic. This impacts an unknown function of the file smoothinfo.cgi of the component POST Request Handler. The manipulation of the argument WRAP/SECTIONTITLE results in cross site scripting. This vulnerability is reported as CVE-2019-25393. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Smoothwall Express 3.1-SP4-polar-x86_64-update9. It has been classified as problematic. This affects an unknown function of the file ipblock.cgi. The manipulation of the argument SRC_IP/COMMENT leads to cross site scripting. This vulnerability is documented as CVE-2019-25388. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Smoothwall Express 3.1-SP4-polar-x86_64-update9 and classified as problematic. The impacted element is an unknown function of the file xtaccess.cgi of the component POST Request Handler. Executing a manipulation of the argument EXT/DEST_PORT/COMMENT can lead to cross site scripting. This vulnerability is registered as CVE-2019-25387. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in Smoothwall Express 3.1-SP4-polar-x86_64-update9 and classified as problematic. The affected element is an unknown function of the file dmzholes.cgi of the component POST Request Handler. Performing a manipulation of the argument SRC_IP/DEST_IP/COMMENT results in cross site scripting. This vulnerability is cataloged as CVE-2019-25386. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Smoothwall Express 3.1-SP4-polar-x86_64-update9. Impacted is an unknown function of the file portfw.cgi of the component POST Request Handler. Such manipulation of the argument EXT/SRC_PORT_SEL/SRC_PORT/DEST_IP/DEST_PORT_SEL/COMMENT leads to cross site scripting. This vulnerability is listed as CVE-2019-25384. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Smoothwall Express 3.1-SP4-polar-x86_64-update9. This issue affects some unknown processing of the file hosts.cgi of the component POST Request Handler. This manipulation of the argument IP/HOSTNAME/COMMENT causes cross site scripting. This vulnerability is tracked as CVE-2019-25381. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as problematic was found in Smoothwall Express 3.1-SP4-polar-x86_64-update9. This vulnerability affects unknown code of the file urlfilter.cgi of the component POST Request Handler. The manipulation of the argument REDIRECT_PAGE/CHILDREN results in cross site scripting. This vulnerability is identified as CVE-2019-25379. The attack can be executed remotely. Additionally, an exploit exists.