Aggregator
CVE-2025-57543 | NetBox 4.3.5 Comment cross site scripting
2 months 3 weeks ago
A vulnerability marked as problematic has been reported in NetBox 4.3.5. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument Comment results in cross site scripting.
This vulnerability is known as CVE-2025-57543. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-32587 | Saad Iqbal WP EasyPay Plugin up to 4.2.11 on WordPress authorization (EUVD-2026-12452)
2 months 3 weeks ago
A vulnerability labeled as critical has been found in Saad Iqbal WP EasyPay Plugin up to 4.2.11 on WordPress. Affected is an unknown function. Such manipulation leads to missing authorization.
This vulnerability is traded as CVE-2026-32587. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-32583 | Webnus Modern Events Calendar Plugin up to 7.29.0 on WordPress authorization
2 months 3 weeks ago
A vulnerability identified as critical has been detected in Webnus Modern Events Calendar Plugin up to 7.29.0 on WordPress. This impacts an unknown function. This manipulation causes missing authorization.
This vulnerability appears as CVE-2026-32583. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-4276 | LibreChat RAG API 0.7.0 neutralization for logs (EUVD-2026-12454)
2 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in LibreChat RAG API 0.7.0. This affects an unknown function. The manipulation results in improper output neutralization for logs.
This vulnerability is reported as CVE-2026-4276. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-62319 | HCL Unica sql injection (KB0129410 / EUVD-2025-208747)
2 months 3 weeks ago
A vulnerability was found in HCL Unica. It has been rated as critical. The impacted element is an unknown function. The manipulation leads to SQL injection.
This vulnerability is documented as CVE-2025-62319. The attack can be initiated remotely. No exploit is available.
vuldb.com
Akira
2 months 3 weeks ago
cohenido
Zombie ZIP method can fool antivirus during the first scan
2 months 3 weeks ago
Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that's up for debate) that can bypass a first AV inspection.
The post Zombie ZIP method can fool antivirus during the first scan appeared first on Security Boulevard.
Malwarebytes
Microsoft Exchange Online outage blocks access to mailboxes
2 months 3 weeks ago
Microsoft is working to address an ongoing Exchange Online outage that is preventing customers from accessing their mailboxes and calendars. [...]
Sergiu Gatlan
Show your iPhone your passport. The US has come up with a way to strip the internet of anonymity for good
2 months 3 weeks ago
12 lobbyists and a bag of money: all it takes to make everyone play by your rules.
SecWiki News 2026-03-16 Review
2 months 3 weeks ago
FBI Watchdog Feed
2 months 3 weeks ago
FBI Watchdog Feed
Dark Web Informer
Pokémon GO used a game played by everyone to complete the world's largest crowdsourced real-world mapping survey
2 months 3 weeks ago
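The 30 billion precisely geolocated real-world images crowdsourced from Pokémon GO players worldwide over 10 years are being used to train a visual positioning system (VPS)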
Google Chrome security advisory (AV26-240)
2 months 3 weeks ago
Canadian Centre for Cyber Security
Time for the F-22 to go to a museum? China is building radars two generations ahead of Western ones
2 months 3 weeks ago
Gallium oxide opens an era of super-powerful, compact tracking systems.
CVE-2025-2274 | Forcepoint Web Security up to 8.5.6 on Windows cross site scripting
2 months 3 weeks ago
A vulnerability was found in Forcepoint Web Security up to 8.5.6 on Windows. It has been declared as problematic. The affected element is an unknown function. Executing a manipulation can lead to cross site scripting.
This vulnerability is registered as CVE-2025-2274. The attack requires access to the local network. No exploit is available.
vuldb.com
CVE-2026-2455 | Mattermost up to 10.11.10/11.2.2/11.3.0/11.3.x IPv6 Address server-side request forgery (EUVD-2026-12441)
2 months 3 weeks ago
A vulnerability was found in Mattermost up to 10.11.10/11.2.2/11.3.0/11.3.x. It has been classified as critical. Impacted is an unknown function of the component IPv6 Address Handler. Performing a manipulation results in server-side request forgery.
This vulnerability is cataloged as CVE-2026-2455. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-22545 | Mattermost up to 10.11.10 authorization (EUVD-2026-12439)
2 months 3 weeks ago
A vulnerability was found in Mattermost up to 10.11.10 and classified as problematic. This issue affects some unknown processing. Such manipulation leads to incorrect authorization.
This vulnerability is listed as CVE-2026-22545. The attack may be performed remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-21386 | Mattermost up to 10.11.10/11.2.2/11.3.0 /mute information exposure
2 months 3 weeks ago
A vulnerability has been found in Mattermost up to 10.11.10/11.2.2/11.3.0 and classified as problematic. This vulnerability affects unknown code of the file /mute. This manipulation causes information exposure through discrepancy.
This vulnerability is tracked as CVE-2026-21386. The attack can be carried out remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
FBI launches inquiry into Steam games spreading malware
2 months 3 weeks ago
The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigation. The FBI is seeking gamers who downloaded Steam games later found to contain malware. According to a notice from the FBI’s Seattle Division, investigators are trying to identify victims who […]
Pierluigi Paganini