Aggregator

A vulnerability was found in davidanderson WP-Optimize Plugin up to 4.5.2 on WordPress. It has been classified as critical. This vulnerability affects the function unscheduled_original_file_deletion of the component REST API. The manipulation leads to path traversal. This vulnerability is listed as CVE-2026-7252. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as critical has been discovered in Revolution Slider Slider Revolution Plugin up to 7.0.10 on WordPress. The affected element is the function _get_media_url/_check_file_path. Such manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2026-6692. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in MongoDB Server up to 8.2.6. Affected by this vulnerability is an unknown functionality of the component Aggregation Handler. This manipulation of the argument rankFusion/scoreFusion causes null pointer dereference. This vulnerability is handled as CVE-2026-8063. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

Kloudfuse has announced the general availability of Kloudfuse 4.0. The release helps enterprises meet rising compliance requirements, adopt AI-driven observability with production-grade governance, and scale their observability infrastructure without platform bottlenecks, while keeping every byte of telemetry data inside their own cloud environment. Kloudfuse 4.0 addresses three converging pressures: the FIPS 140-2 sunset on September 22, 2026, after which NIST will move all FIPS 140-2 certificates to the Historical List, the enterprise adoption of AI … More →

The post Kloudfuse 4.0 delivers AI-governed observability and scalable workload isolation appeared first on Help Net Security.

A vulnerability was found in Foxit PDF Editor and PDF Reader. It has been rated as critical. Impacted is an unknown function of the component UI Handler. Performing a manipulation results in use after free. This vulnerability was named CVE-2026-5940. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in ZTE ZXCLOUD iRAI 7.2X. This impacts an unknown function of the file uSmartViewServiceAgent.exe. Executing a manipulation can lead to uncontrolled search path. This vulnerability is registered as CVE-2026-44406. The attack needs to be launched locally. No exploit is available.

A vulnerability was found in LibreOffice up to 25.8.6/26.2.2. It has been rated as critical. This affects an unknown function of the component OOXML Handler. Performing a manipulation of the argument salt results in out-of-bounds write. This vulnerability is cataloged as CVE-2026-4430. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Hitachi Virtual Storage Platform One Block 23/24/26/28. It has been declared as critical. The impacted element is an unknown function. Such manipulation leads to os command injection. This vulnerability is listed as CVE-2025-9661. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Foxit PDF Editor and PDF Reader and classified as critical. This affects an unknown part of the component XFA PDF Handler. The manipulation results in use after free. This vulnerability is known as CVE-2026-5939. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

Red Hat has announced the upcoming general availability of Red Hat Enterprise Linux 10.2 and 9.8. Building on the innovation of Red Hat Enterprise Linux 10, the latest versions help address security threats, speed AI innovation and minimize operational drift. What Red Hat announced Red Hat Enterprise Linux 10.2 and 9.8 provide a strategic and durable operating system (OS) platform that unifies IT operations across the hybrid cloud with security in mind. By enhancing confidential … More →

The post Red Hat Enterprise Linux adds post-quantum security and AI-driven automation in latest releases appeared first on Help Net Security.

Домашний интернет переживет 9 мая спокойно. С мобильным сложнее.

A vulnerability marked as problematic has been reported in Linux Kernel 3.10/3.12/3.13. This affects the function ip6_route_add of the file net/ipv6/route.c of the component Router Advertisement Handler. Performing a manipulation results in numeric error (Remote). This vulnerability is reported as CVE-2014-2309. The attack is possible to be carried out remotely. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Wireshark and classified as problematic. This vulnerability affects unknown code of the file epan/dissectors/packet-rlc of the component RLC Dissector. The manipulation results in memory corruption. This vulnerability is identified as CVE-2014-2283. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Wireshark. It has been classified as critical. This issue affects some unknown processing of the file wiretap/mpeg.c of the component MPEG File Parser. This manipulation causes memory corruption. This vulnerability is tracked as CVE-2014-2299. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability was found in ZTE F460. It has been rated as critical. Impacted is an unknown function of the component Telnet Service. This manipulation causes improper access controls. This vulnerability is tracked as CVE-2014-2321. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in ImageCMS 4.0.0. The affected element is an unknown function. Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2013-7334. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in ImageCMS 4.0.0. The impacted element is an unknown function. Performing a manipulation results in sql injection. This vulnerability is cataloged as CVE-2012-6290. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Batavi 1.2.2. This affects an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2013-2289. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as problematic has been reported in Umi UMI.CMS. This impacts an unknown function of the file UMI.CMS of the component Administrator Account. The manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2013-2754. The attack can be initiated remotely. Additionally, an exploit exists. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Jpchacha Chasys Draw IES up to 4.00.0. Affected is the function ReadFile in the library flt_BMP.dll of the component biBitCount. The manipulation results in memory corruption. This vulnerability is reported as CVE-2013-3928. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.