China’s UNC6508 hid in North American medical research networks for 2 years, stealing credentials and forwarding emails to Gmail Google’s Threat Intelligence Group published a report this week on UNC6508, a China-linked cyberespionage group that breached North American medical and military research organizations and stayed hidden for more than two years. The earliest confirmed intrusion […]
A vulnerability was found in Nokia SR Linux up to 23.10.7/24.10.5/25.7.1. It has been declared as problematic. This affects an unknown function. Such manipulation leads to Local Privilege Escalation.
This vulnerability is listed as CVE-2025-10262. The attack must be carried out locally. There is no available exploit.
It is recommended to upgrade the affected component.
A vulnerability was found in Sony Optical Disc Archive Software for Windows up to 5.5.3 on Windows. It has been classified as critical. The impacted element is an unknown function. This manipulation causes incorrect default permissions.
This vulnerability is tracked as CVE-2026-50255. The attack is restricted to local execution. No exploit exists.
A vulnerability was found in rometheme RTMKit Plugin up to 2.0.7 on WordPress and classified as problematic. The affected element is an unknown function of the component AJAX Endpoint. The manipulation of the argument entries_id results in incorrect authorization.
This vulnerability is identified as CVE-2026-5149. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
A vulnerability has been found in mohammadtanzilurrahman Static Block Plugin up to 2.2 on WordPress and classified as problematic. Impacted is the function static_block_content of the component Shortcode Handler. The manipulation of the argument ID leads to authorization bypass.
This vulnerability is referenced as CVE-2026-10780. Remote exploitation of the attack is possible. No exploit is available.
A vulnerability, which was classified as critical, was found in zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress. This issue affects the function action__remove_abandoned. Executing a manipulation can lead to missing authorization.
The identification of this vulnerability is CVE-2026-9187. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
A vulnerability, which was classified as critical, has been found in zephyrproject zephyr up to 4.4.x. This vulnerability affects the function k_mem_domain_deinit of the file arch/xtensa/core/ptables.c of the component Xtensa memory-domain de-initialization Feature. Performing a manipulation results in use after free.
This vulnerability was named CVE-2026-10635. The attack needs to be approached locally. There is no available exploit.
It is advisable to upgrade the affected component.
A vulnerability classified as critical was found in Premmerce Dev Tools Plugin up to 2.0 on WordPress. This affects the function generatePluginHandler. Such manipulation of the argument premmerce_plugin_namespace leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2026-6933. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
A vulnerability classified as critical has been found in WP Review Slider Pro Plugin up to 12.6.8 on WordPress. Affected by this issue is the function stripslashes. This manipulation of the argument wpdb causes sql injection.
This vulnerability is handled as CVE-2026-8443. The attack can be initiated remotely. There is not any exploit available.