Aggregator

A vulnerability labeled as very critical has been found in OpenClaw, Clawdbot and Moltbot up to 2026.1.28. This impacts an unknown function of the component Websocket Connection Handler. Such manipulation of the argument gatewayUrl leads to incorrect resource transfer. This vulnerability is uniquely identified as CVE-2026-25253. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Samsung Electronics MagicINFO 9 Server 21.1050/21.1052/21.1080.0. This affects an unknown function. This manipulation causes unrestricted upload. This vulnerability is handled as CVE-2026-25201. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in RaspAP raspap-webgui up to 3.3.5. The impacted element is an unknown function. The manipulation results in os command injection. This vulnerability is known as CVE-2026-24788. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in User Profile Builder Plugin up to 3.15.1 on WordPress. It has been rated as critical. The affected element is an unknown function of the component Password Reset Handler. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2025-15030. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Red Hat Satellite 6. It has been declared as critical. Impacted is an unknown function of the component foreman_kubevirt. Executing a manipulation can lead to improper certificate validation. This vulnerability appears as CVE-2026-1531. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Red Hat Satellite 6. It has been classified as critical. This issue affects some unknown processing of the component fog-kubevirt. Performing a manipulation results in improper certificate validation. This vulnerability is reported as CVE-2026-1530. The attack is possible to be carried out remotely. No exploit exists.

Хакеры больше не хотят просто денег, они хотят, чтобы всё сломалось.

Explore StrongestLayer's threat intelligence report highlighting the rise of email security threats exploiting trusted platforms like DocuSign and Google Calendar. Learn how organizations can adapt to defend against these evolving cyber risks.

The post StrongestLayer: Top ‘Trusted’ Platforms are Key Attack Surfaces appeared first on Security Boulevard.

This issue seems to be a false positive. Please check the referenced sources and consider omitting this entry entirely. The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry.

Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all. The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry.

This issue is likely a false positive. Please verify the cited sources and consider not including this entry. The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry.

日本反盗版组织 CODA(文化产品海外流通促进机构) 宣布，上海警方去年 11 月拘留了一名广西男子，该男子被控运营了最大的动漫盗版网站 BATO.TO。BATO.TO 不只是一个网站，它包含了 xbato.com、bato.to 和 mangapark.io 等 60 个网站。这名男子已获释，他承认运营了这些网站，未来将面临正式诉讼。警方已扣押该男子的电脑，还在继续调查，分析服务器确定更多运营者身份。在该男子拘留之后，BATO 网站仍然继续运营了一段时间，直到 1 月 19 日全部关闭。被侵权的日本出版商包括了角川集团、讲谈社、集英社、小学馆和史克威尔艾尼克斯。CODA 北京办事处应这些出版商要求向公安局提起刑事诉讼。它还寻求了腾讯旗下公司的合作。BATO 旗下网站的月访问量达到 3.5 亿次，从 2022 年 10 月到 2025 年 10 月总访问量 72 亿次。

Одностороннее движение позволит технологиям работать на предельных мощностях.

A vulnerability was found in Netis WF2409Ev4 1.0.1.705 and classified as problematic. Impacted is an unknown function of the file /etc/shadow.sample. The manipulation of the argument Password results in hard-coded credentials. This vulnerability was named CVE-2023-42336. The attack may be performed from remote. There is no available exploit.

A vulnerability labeled as critical has been found in Fl3xx Dispatch and Crew 2.10.37. Affected is an unknown function. The manipulation results in unrestricted upload. This vulnerability is identified as CVE-2023-42335. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in EliteCMS 1.01. This affects an unknown part of the file manage_uploads.php. Performing a manipulation results in unrestricted upload. This vulnerability is cataloged as CVE-2023-42331. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Fl3xx Dispatch and Crew 2.10.37. It has been declared as problematic. This impacts an unknown function. Executing a manipulation of the argument User can lead to improper control of resource identifiers. This vulnerability is handled as CVE-2023-42334. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in PeppermintLabs Peppermint up to 0.2.4. The impacted element is an unknown function of the component Session Cookie Handler. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2023-42328. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in DouHaocms 3.3. The impacted element is an unknown function of the file adminAction.class.php. Executing a manipulation can lead to cross-site request forgery. This vulnerability is tracked as CVE-2023-42323. The attack can be launched remotely. No exploit exists.

AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into three of them, BugTrace-AI, Shannon, and CAI, the Cybersecurity AI framework, and put them up against real-world targets in a lab environment. The results were better than I expected. Below is a breakdown of what each tool did well, where they fell … More →

The post Open-source AI pentesting tools are getting uncomfortably good appeared first on Help Net Security.