Aggregator

azure这一块 应用授权这一块 rbac这一块

A severe backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor WordPress plugin, enabling threat actors to […]

The post Critical Backdoor Exposes 20,000 WordPress Sites to Complete Takeover appeared first on HawkEye.

A vulnerability, which was classified as problematic, was found in Farktor E-Commerce Package up to 27112025. Affected by this vulnerability is an unknown functionality. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-13002. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Farktor E-Commerce Package up to 27112025. Affected is an unknown function. The manipulation leads to authorization bypass. This vulnerability is listed as CVE-2025-13004. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in Farktor E-Commerce Package up to 27112025. This impacts an unknown function. Executing a manipulation can lead to sql injection. This vulnerability is tracked as CVE-2025-10969. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in PostgreSQL 18.0/18.1. This affects an unknown function of the component pg_trgm. Performing a manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2026-2007. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in PostgreSQL up to 14.20/15.15/16.11/17.7/18.1. The impacted element is an unknown function of the component intarray Extension. Such manipulation leads to improper validation of specified type of input. This vulnerability is referenced as CVE-2026-2004. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in PostgreSQL up to 14.20/15.15/16.11/17.7/18.1. The affected element is an unknown function of the component Multibyte Character Handler. This manipulation causes improper validation of array index. The identification of this vulnerability is CVE-2026-2006. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in PostgreSQL up to 14.20/15.15/16.11/17.7/18.1. Impacted is an unknown function of the component oidvector Handler. The manipulation results in improper validation of specified type of input. This vulnerability was named CVE-2026-2003. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as critical has been detected in PostgreSQL up to 14.20/15.15/16.11/17.7/18.1. This issue affects some unknown processing of the component pgcrypto. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-2005. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

《Highguard》开发商 Wildlight Entertainment 证实了裁员的消息，但没有透露裁掉了多少员工。该公司的开发者称大部分员工都被辞退了。《Highguard》是一款以突袭为主题的英雄射击游戏，于 1 月 26 日上线，一度吸引了 9.7 万玩家同时在线，但这一热度并没有持续太长时间，在短短 17 天内同时在线玩家人数已经锐减到 2200 人左右，对一款需要长期运营的免费 PvP 游戏而言，结局可能已经注定了。

Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns

对DeepAudit多智能体漏洞挖掘系统开展黑盒审计，发现默认账户泄露、权限绕过、API未授权访问、压缩炸弹等高危漏洞。

WhatsApp said Thursday that Russia is attempting to fully block the messaging app in an effort to push users toward a state-backed alternative.

A dangerous malware campaign has emerged on the NPM package registry, putting thousands of developers and Windows users at risk. The malicious package, known as “duer-js,” was published by a user named “luizaearlyx” and disguised itself as a legitimate console visibility tool. Despite having only 528 downloads, security experts warn that its sophisticated attack methods […]

The post Sophisticated ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users appeared first on Cyber Security News.

A vulnerability described as critical has been identified in Linux Kernel up to 6.17.1. The impacted element is the function complete_emulated_io of the component KVM. The manipulation results in permission issues. This vulnerability is identified as CVE-2025-40026. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18-rc1. Impacted is the function try_to_register_card of the component usb-audio. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-40085. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.157/6.6.114/6.12.55/6.17.5. This vulnerability affects the function handle_response of the component ksmbd. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-40084. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.17.1. This impacts the function f2fs_truncate_hole of the file fs/f2fs/file.c. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2025-40025. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Linux Kernel up to 6.2.2. This issue affects the function ses_enclosure_data_process of the component scsi. Executing a manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2023-7324. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.