Aggregator

A vulnerability classified as critical was found in Ruhul Amin My Album Gallery Plugin up to 1.0.4 on WordPress. This affects an unknown part. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-22485. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Metagauss EventPrime Plugin up to 4.2.6.0 on WordPress. This vulnerability affects unknown code. Performing a manipulation results in missing authorization. This vulnerability is known as CVE-2025-69358. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in pebas Lisfinity Core Plugin up to 1.5.0 on WordPress and classified as critical. Impacted is an unknown function. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-22484. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in GitLab Enterprise Edition up to 18.8.6/18.9.2/18.10.0. It has been declared as critical. This affects an unknown function. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-1724. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.11/11.2.3/11.3.1/11.4.0/11.4.x. Affected by this vulnerability is an unknown functionality. Such manipulation leads to improper check for unusual conditions. This vulnerability is documented as CVE-2026-20719. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in G5Theme Zorka Plugin up to 1.5.7 on WordPress. It has been classified as problematic. Impacted is an unknown function. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-69096. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in wphocus My Auctions Allegro Plugin up to 3.6.35 on WordPress. It has been declared as problematic. The affected element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-22491. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in HYPR up to 10.6. This affects an unknown function. Executing a manipulation can lead to incorrect privilege assignment. The identification of this vulnerability is CVE-2026-1712. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

好，我需要帮用户总结这篇文章的内容，控制在100字以内。首先，文章主要讲的是Axios开源库被黑客攻击了。Axios是一个非常流行的HTTP客户端库，每月下载量超过3亿次。黑客通过NPM仓库发布了两个带毒的版本，分别是[email protected]和[email protected]。这些版本并没有直接添加恶意代码，而是注入了一个隐藏的依赖项[email protected]，这个依赖项会偷偷安装远程访问木马。 接下来，文章提到如果用户在3月31日左右安装或更新了这两个版本的Axios，就需要立即采取措施降级，并且轮换所有密钥，甚至重建环境。NPM官方已经删除了恶意依赖项，但目前Axios的主要开发者还没有回应，所以还不清楚账号是如何被泄露的，以及是否已经采取了补救措施。 最后，文章给出了六条安全建议：降级到安全版本、移除恶意依赖项、检查是否被感染、搜索可疑文件、添加防御措施以及轮换密钥和重建环境。 总结起来，文章主要讲述了Axios开源库被黑客攻击的情况、影响范围以及应对措施。 Axios开源库遭黑客攻击，发布带毒版本植入远程木马。开发者需立即降级并检查环境安全。

Статья объясняет, как сайты и провайдеры выявляют использование VPN по IP, DNS- и WebRTC-утечкам, геолокации и DPI, зачем это делают сервисы и банки.

Notepad++ has officially released version 8.9.3, delivering critical security patches, structural performance enhancements, and resolutions for persistent crash issues. This update finalizes the text editor’s transition to a highly optimized XML parser, addressing multiple recent regressions while fortifying the application’s auto-update mechanism against documented vulnerabilities. Notepad++ v8.9.3 Release The most notable security implementation in version […]

The post Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability and Crash Issues appeared first on Cyber Security News.

Axios 遭遇供应链攻击：被投毒版本植入 RA

嗯，用户发来一个请求，让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要特定的开头。首先，我得理解用户的需求是什么。看起来他们可能是在处理某个环境异常的问题，需要快速了解文章内容。 接下来，我注意到用户提供的文章内容主要是关于环境异常的提示，说完成验证后可以继续访问，并有一个“去验证”的链接。所以，文章的核心信息应该是关于环境异常和验证的必要性。 然后，我要考虑如何在一百个字以内准确传达这个信息。可能需要提到环境异常、验证的重要性以及继续访问的条件。同时，避免使用“文章内容总结”这样的开头，直接进入主题。 最后，检查一下是否符合所有要求：字数控制、直接描述、不使用特定开头。确保总结清晰简洁，让用户一目了然。 当前环境出现异常问题，需完成验证后才能继续访问。

嗯，用户让我帮忙总结一篇文章，控制在100字以内，而且不需要用“文章内容总结”之类的开头。直接写描述就行。那我得先看看文章的内容。 文章标题是“环境异常”，里面提到当前环境异常，完成验证后可以继续访问，还有个“去验证”的按钮。看起来像是一个提示信息，让用户进行验证才能继续使用服务。 那我得把这些信息浓缩一下。首先说明环境异常，然后指出需要完成验证才能继续访问。这样应该能涵盖主要内容了。 控制在100字以内的话，可能需要精简一些词汇。比如“当前环境异常”可以简化为“环境异常”。然后提到验证和继续访问。 最后检查一下是否符合要求：没有使用特定的开头，直接描述内容，字数控制在100字以内。 环境异常提示用户需完成验证后才能继续访问。

嗯，用户发来一个请求，让我帮忙总结一篇文章的内容，控制在100字以内，而且不需要特定的开头。看起来他可能是在寻找快速获取文章要点的方式，可能是在做研究或者需要快速了解内容。 首先，我需要理解用户提供的文章内容。文章标题是“环境异常”，里面提到当前环境异常，完成验证后可以继续访问，并有一个“去验证”的链接。这可能意味着用户遇到了某种安全验证的问题，比如常见的验证码或者二次验证。 接下来，我要分析用户的深层需求。他可能是一个普通用户，在访问某个网站时遇到了环境异常的提示，需要快速了解情况。或者他可能是在处理技术支持的问题，需要简洁明了的信息来帮助他人解决问题。 然后，我要考虑如何将这些信息浓缩到100字以内。关键点包括环境异常、验证完成后继续访问以及提供的验证链接。我需要用简洁的语言表达这些内容，同时保持信息的完整性。 最后，我会组织语言，确保总结既准确又简洁。比如：“当前环境异常需完成验证后才能继续访问。” 这样既涵盖了主要信息，又符合用户的格式要求。 当前环境异常需完成验证后才能继续访问。

CNNVD确认！360漏洞挖掘智能体发现OpenClaw新高危漏洞

网络安全企业出海，请阅读

网安企业出海，请阅读

Команда решилась на меры, которые ранее казались немыслимыми.

Android Malware Research Director Alice | Israel | On-site – View job details As an Android Malware Research Director, you will establish operational processes, workflows, and quality standards for the team, while integrating the function into existing infrastructure. You will act as the primary client interface, managing relationships, presenting research findings, and ensuring client satisfaction. Cloud Information Security Engineer HedgeServ | Ireland | Hybrid – View job details As a Cloud Information Security Engineer, you … More →

The post Cybersecurity jobs available right now: March 31, 2026 appeared first on Help Net Security.