Aggregator

CVE-2026-49231 | Apache APISIX up to 3.16.0 Upstream Service authentication spoofing

VulDB Recent Entries
1 week 2 days ago
A vulnerability classified as critical was found in Apache APISIX up to 3.16.0. Affected by this vulnerability is an unknown functionality of the component Upstream Service. The manipulation results in authentication bypass by spoofing. This vulnerability is reported as CVE-2026-49231. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-52909 | Linux Kernel up to 6.18.35/7.0.12 ip6_vti vti6_init_net initialization (EUVD-2026-38033)

VulDB Recent Entries
1 week 2 days ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.18.35/7.0.12. This impacts the function vti6_init_net of the component ip6_vti. Executing a manipulation can lead to improper initialization. This vulnerability is registered as CVE-2026-52909. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-52910 | Linux Kernel up to 7.0.12 bpf sock_reuseport.c sk_reuseport_prog_free out-of-bounds (EUVD-2026-38034)

VulDB Recent Entries
1 week 2 days ago
A vulnerability marked as critical has been reported in Linux Kernel up to 7.0.12. This affects the function sk_reuseport_prog_free of the file net/core/sock_reuseport.c of the component bpf. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-52910. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-52908 | Linux Kernel up to 6.6.142/6.12.93/6.18.35/7.0.12 RDMA ib_umem_check_rereg privilege escalation (EUVD-2026-38037)

VulDB Recent Entries
1 week 2 days ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.142/6.12.93/6.18.35/7.0.12. The impacted element is the function ib_umem_check_rereg of the component RDMA. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2026-52908. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-49358 | pontedilana php-weasyprint up to 2.5.x removeTemporaryFiles temporaryFiles file inclusion (GHSA-87qc-37cw-84h4)

VulDB Recent Entries
1 week 2 days ago
A vulnerability identified as problematic has been detected in pontedilana php-weasyprint up to 2.5.x. The affected element is the function removeTemporaryFiles. This manipulation of the argument temporaryFiles causes file inclusion. This vulnerability is tracked as CVE-2026-49358. The attack is restricted to local execution. No exploit exists. You should upgrade the affected component.
vuldb.com

加州亿万富翁税提案获得足够签名有资格在 11 月公投

Solidot
1 week 2 days ago
加州亿万富翁税提案获得足够签名达到在 11 月公投的资格。亿万富翁税(California Billionaire Tax Act)将对任何身价逾 10 亿美元的加州居民一次性征收 5% 的税,该税将用于医保和教育等项目。加州是全美亿万富翁人数最多的州,总数超过 200 人,很多人在 AI 热下积累了巨额财富。该税遭到了加州亿万富翁们的强烈反对,Google 联合创始人 Sergey Brin 一人至少投入了 8200 万美元反对该税,并搬到了靠近加州的内华达州居住。Palantir 联合创始人 Peter Thiel、Google 前 CEO Eric Sc​​hmidt、加密货币亿万富翁 Chris Larsen 以及DoorDash CEO Tony Xu 等也捐出了数百万美元反对该税。英伟达 CEO 黄仁勋则对该税没有异议,称会继续居住在加州。尽管提案已获得足够的签名,但相关组织必须在 6 月 25 日之前决定是否继续推进,或者与州政府达成协议。

CISA Adds LiteSpeed cPanel Plugin Vulnerability to KEV List Following Active Exploitation

Cyber Security News
1 week 2 days ago

CISA has added a critical LiteSpeed cPanel Plugin vulnerability, tracked as CVE-2026-54420, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw affects shared hosting environments and poses a significant risk to servers running CloudLinux with CageFS isolation. The vulnerability is classified as a UNIX symbolic link (symlink) […]

The post CISA Adds LiteSpeed cPanel Plugin Vulnerability to KEV List Following Active Exploitation appeared first on Cyber Security News.

Abinaya

Chrome Extensions’ Critical Flaws Let Attackers Easily Compromise Millions of Browsers

Cyber Security News
1 week 2 days ago

Critical security flaws discovered in widely used Chrome extensions SiderAI and MaxAI are putting millions of users at risk, enabling attackers to fully compromise browser sessions and potentially access sensitive data across websites and local systems. Security researchers at Rebora Security uncovered vulnerabilities dubbed “Spyder” and “MaXSS” affecting AI-powered “agentic side panel” extensions. These tools, […]

The post Chrome Extensions’ Critical Flaws Let Attackers Easily Compromise Millions of Browsers appeared first on Cyber Security News.

Abinaya

Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections

Cyber Security News
1 week 2 days ago

Luxembourg, Luxembourg, June 19th, 2026, CyberNewswire Gcore’s Network Layer DDoS Protection helped Ucom maintain service continuity and operational readiness for critical public-facing broadcast services Gcore, the global edge AI, cloud, network, and security solutions provider, supported Ucom, one of Armenia’s leading telecommunications providers, in safeguarding public live broadcast infrastructure during Armenia’s 2026 parliamentary elections. Ucom […]

The post Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections appeared first on Cyber Security News.

Cybernewswire

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

The Hackers News
1 week 2 days ago
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in screen, and no further user interaction once
The Hacker News

Critical WordPress Plugin Vulnerability Exposes 1 Million Sites to File Deletion Attacks

Cyber Security News
1 week 2 days ago

A critical security vulnerability in the widely used Avada (Fusion) Builder WordPress plugin has exposed over 1 million websites to arbitrary file-deletion attacks, potentially leading to full-site compromise and remote code execution. The flaw, tracked as CVE-2026-8713 with a CVSS score of 9.1, was discovered by security researcher “daroo” and reported through the Wordfence Bug […]

The post Critical WordPress Plugin Vulnerability Exposes 1 Million Sites to File Deletion Attacks appeared first on Cyber Security News.

Abinaya

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites

The Hackers News
1 week 2 days ago
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. "With these actions we deprive cybercriminals of access to infected computer systems," Maikel Rollman of the Netherlands National High Tech Crime Unit said. "This prevents
The Hacker News

Managed ad