Aggregator

A vulnerability categorized as problematic has been discovered in tourcms Tour & Activity Operator Plugin for TourCMS up to 1.7.0 on WordPress. The impacted element is the function tourcms_doc_link of the component Shortcode Handler. Executing a manipulation of the argument target can lead to cross site scripting. This vulnerability is registered as CVE-2026-1806. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in basiliskan Comment Genius Plugin up to 1.2.5 on WordPress. Affected is an unknown function of the component Parameters Handler. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross site scripting. This vulnerability appears as CVE-2026-1647. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in qrolic Performance Monitor Plugin up to 1.0.6 on WordPress. Affected by this issue is some unknown functionality of the file /wp-json/performance-monitor/v1/curl_data of the component REST API Endpoint. Performing a manipulation of the argument url results in server-side request forgery. This vulnerability is known as CVE-2026-1648. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in wisdomlogix Fonts Manager Plugin up to 1.2 on WordPress. This issue affects some unknown processing of the component Parameters Handler. The manipulation of the argument fmcfIdSelectedFnt results in sql injection. This vulnerability was named CVE-2026-1800. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in omarnas Add Google Social Profiles to Knowledge Graph Box Plugin up to 1.0 on WordPress. It has been classified as problematic. The impacted element is an unknown function of the component Setting Handler. Performing a manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2026-1393. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in haghs Redirect Countdown Plugin up to 1.0 on WordPress. It has been classified as problematic. This affects the function countdown_settings_content of the component Setting Handler. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2026-1390. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in superrishi SR WP Minify HTML Plugin up to 2.1 on WordPress. Impacted is the function sr_minify_html_theme of the component Setting Handler. Executing a manipulation can lead to cross-site request forgery. This vulnerability is tracked as CVE-2026-1392. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in jeric_izon Schema Shortcode Plugin up to 1.0 on WordPress. The affected element is the function itemscope of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-1575. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in peacefulqode PQ Addons Plugin up to 1.0.0 on WordPress. This impacts an unknown function of the component Creative Elementor Widget. Such manipulation of the argument html_tag leads to cross site scripting. This vulnerability is documented as CVE-2026-1397. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in tonysamperi WP NG Weather Plugin up to 1.0.9 on WordPress. Affected by this vulnerability is the function ng-weather of the component Shortcode Handler. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-1822. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in frankkoenen login_register Plugin up to 1.2.0 on WordPress. It has been declared as problematic. This impacts an unknown function of the component Setting Handler. The manipulation of the argument login_register_login_post results in cross-site request forgery. This vulnerability was named CVE-2026-1503. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

Новая версия Tails научилась самостоятельно искать мосты для подключения к сети.

The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”

嗯，用户让我用中文帮他总结一下这篇文章的内容，控制在一百个字以内，而且不需要以“文章内容总结”或者“这篇文章”这样的开头，直接写描述即可。好的，首先我得仔细阅读这篇文章，理解它的主要观点和结构。 文章一开始提到分析能力的差距是一个严重的问题，接着又提到了第二个结构性转变，很多安全供应商没有预料到。过去几年，部署架构被视为次要因素，大家倾向于将安全工具迁移到云端，集中运营。但随着地缘政治碎片化、监管压力以及对依赖外国技术提供商的担忧增加，组织开始重新评估关键安全工作负载的位置。 接下来文章讨论了数字主权不再只是数据驻留的监管要求，而是被视为技术弹性和业务连续性的先决条件。主权扩展到数据、运营和技术三个维度。安全分析工作负载通常位于高主权端，尤其是涉及敏感内部数据时。部署选择不仅仅是云或本地，而是在一个从全球公共云到完全隔离环境的光谱中。 然后文章提到供应商的数据处理和共享实践也影响主权立场。大型平台供应商在特定公共云区域有强大能力，但在需要主权或本地部署时可能受限。未来十年，安全架构将被评估为可验证的分析能力、主权就绪的部署模型和透明的数据治理。 最后建议每年至少进行一次POC测试当前架构，并与有深度分析能力的专家进行对比。 总结起来，文章主要讨论了现代网络安全中的主权问题、分析能力和部署灵活性的重要性，并建议通过POC测试来确保架构的有效性。 现代网络安全面临双重挑战：分析能力差距与主权需求转变。随着地缘政治变化和监管压力增加，组织需重新评估安全工作负载的位置，并关注数据、运营和技术主权。供应商需具备灵活部署能力和透明数据治理能力以应对复杂环境。未来安全架构将更注重核心分析能力和合规性。

嗯，用户让我用中文总结一篇文章，控制在100字以内，而且不需要特定的开头。我得先仔细阅读这篇文章，理解它的主要内容和关键点。 文章主要讲的是网络安全领域的问题。过去十年里，领导们被告知要整合工具、标准化平台、使用“单一窗格”，承诺是更少的供应商、更高的可见性和更好的安全。但实际情况是，仪表盘变好了，检测却没有提升。在邮件安全、EDR和威胁情报平台中都发现了同样的问题：漂亮的界面、复杂的工作流程和无数的威胁源，但实际发生事件时，分析结果却不够深入。 文章指出，核心问题在于安全厂商过于注重平台整合，而忽视了核心分析能力。高质量的分析需要准确性、深入的技术分析和上下文关联，而这些往往是缺乏的。举例来说，一个德国汽车集团测试了三个大平台和一个专业供应商，结果发现专业供应商在分析质量上更好且成本更低。 总结起来，文章的核心观点是：虽然平台整合很重要，但高质量的分析才是关键。企业正在转向专业供应商以获得更深入的分析能力。 现在我需要将这些要点浓缩到100字以内，并且不使用特定的开头语。要确保涵盖主要问题、原因和结论。 文章指出，在过去十年中，网络安全行业过于注重工具整合和平台标准化（如“单一窗格”），忽视了核心分析能力的提升。尽管仪表盘和界面不断优化，但在实际事件中，检测质量和深入分析仍显不足。企业逐渐发现专业供应商在分析质量上优于大型平台。高质量分析需具备准确性、技术深度和上下文关联性。

A vulnerability classified as problematic was found in Mozilla Firefox up to 148. This issue affects some unknown processing of the component HTTP. Such manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2026-4700. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 148. This affects an unknown function of the component Web Codecs. The manipulation leads to memory corruption. This vulnerability is referenced as CVE-2026-4697. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in path-to-regexp up to 8.3.x. This affects an unknown part. The manipulation results in inefficient regular expression complexity. This vulnerability was named CVE-2026-4923. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.