Aggregator

A vulnerability, which was classified as problematic, was found in Code Snippets Plugin up to 3.9.4 on WordPress. The impacted element is the function Cloud_Search_List_Table. Executing a manipulation can lead to cross-site request forgery. This vulnerability is handled as CVE-2026-1785. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in Docus Plugin up to 1.0.6 on WordPress. The affected element is an unknown function of the component Shortcode Handler. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-1888. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic was found in TYDAC MAP+ up to 3.4.0. Impacted is an unknown function of the component PDF Export. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-0521. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in WP Duplicate Plugin up to 1.1.8 on WordPress. This issue affects the function process_add_site. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-1499. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. This vulnerability is reported as CVE-2026-2063. The attack can be launched remotely. Moreover, an exploit is present.

Submit #745108 / VDB-344631

A new open-source Python tool named EpsteIn enables users to check if their LinkedIn connections appear in over 3.5 million pages of Jeffrey Epstein court documents recently released by the U.S. Department of Justice. Developed by Christopher Finke, it runs locally to prioritize privacy amid rising interest in OSINT for network validation. EpsteIn indexes mentions […]

The post New Epstein Tool Searches LinkedIn Connections Against 3.5 Million Pages Epstein Files appeared first on Cyber Security News.

A vulnerability marked as problematic has been reported in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-2062. The attack can be initiated remotely. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue.

Общая теория относительности объяснила, почему планет вокруг двойных звезд почти не существует.

Submit #744720 / VDB-344623

Security teams have discovered an active spam campaign that uses fake PDF documents to trick users into installing remote monitoring and management (RMM) software. The campaign targets organizations by sending emails containing PDF attachments that appear to be invoices, receipts, or important documents. When victims open these files, they see a message claiming the document […]

The post Spam Campaign Distributes Fake PDFs, Installing Remote Monitoring Tools for Persistent Access appeared first on Cyber Security News.

A vulnerability labeled as critical has been found in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. This vulnerability is registered as CVE-2026-2061. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #744719 / VDB-344622

A vulnerability identified as critical has been detected in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-2060. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2026-2059. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. It has been rated as critical. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. This vulnerability is tracked as CVE-2026-2058. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #744286 / VDB-344621

Submit #744262 / VDB-344620

Submit #744261 / VDB-344619

Submit #744236 / VDB-344618