Aggregator

A vulnerability labeled as problematic has been found in WP Last Modified Info Plugin up to 1.9.5 on WordPress. This affects the function bulk_save. Such manipulation of the argument post_ids leads to improper control of resource identifiers. This vulnerability is listed as CVE-2025-14608. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in Easy Form Builder Plugin up to 3.9.3 on WordPress. Affected by this issue is some unknown functionality. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-14067. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in StickEasy Protected Contact Form Plugin up to 1.0.1/1.0.2 on WordPress. Affected by this vulnerability is an unknown functionality of the file wp-content/uploads/stickeasy-protected-contact-form/spcf-log.txt. The manipulation results in information disclosure. This vulnerability is identified as CVE-2025-13973. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in BFG Tools Plugin up to 1.0.7 on WordPress. It has been rated as critical. Affected is the function zip of the file /wp-content/plugins/. The manipulation of the argument first_file leads to path traversal. This vulnerability is referenced as CVE-2025-13681. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Santesoft Sante DICOM Viewer Pro 14.2.0. It has been declared as critical. This impacts an unknown function of the component DCM File Parser. Executing a manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2026-2034. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MLflow. It has been classified as critical. This affects an unknown function of the component Artifact Handler. Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-2033. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in HP App on Android and classified as problematic. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-1578. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Kanboard up to 1.2.49 and classified as problematic. The affected element is the function TaskCreationController::duplicateProjects of the component Incomplete Fix CVE-2023-33968. This manipulation causes missing authorization. This vulnerability is handled as CVE-2026-25531. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]

Шах и мат, литий-ионные батареи!

Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment help SOC teams prioritize high-risk IPs and accelerate investigations without leaving QRadar. [...]

中国载人航天办公室宣布于 2 月 11 日成功完成了长征十号运载火箭系统低空演示验证与梦舟载人飞船系统最大动压逃逸飞行试验，其中火箭第一级在分离之后重新点燃助推器，减速缓慢降落在停留的回收驳船附近，第一级于 2 月 13 日成功回收，这是中国首次在海上实施运载火箭搜索回收任务，朝着火箭可重复使用迈出了重要一步。长征十号运载火箭主要用于载人月球探测任务，此次测试的是其缩小版，梦舟飞船则将取代目前使用的神舟飞船。长征十号第一级以及梦舟都设计可重复使用多次。

Он не пишет код за вас, а буквально предугадывает желания в реальном времени.

科学家警告地球正接近气候变化的临界点，越过临界点可能会导致全球暖化失控，无法遏制，世界将陷入地狱般的温室地球气候，将与过去 1.1 万年人类文明经历的温和气候截然不同。最近几年地球气温只上升了 1.3 摄氏度，但极端天气已经在全球范围内夺走大量生命和摧毁无数人的生计。如果气温上升的幅度达到 3-4 摄氏度，那么经济和社会将无法像我们所熟知的那样运转。科学家表示，何时触发临界点难以预测，但最重要是采取预防措施，大幅削减化石燃料的消耗。

Currently trending CVE - Hype Score: 3 - A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

Кажется, теперь из фейсбука нельзя уйти даже вперед ногами.