120
CVEs
31
Threats
0
News
30
Critical
29
CISA KEV
🛡 Security Vulnerabilities (CVE)
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.
CVE-2018-11776
Apache Struts Remote Code Execution Vulnerability — Apache Struts contains a vulnerability that allows for remote code e
11:01 KSA
Apache Struts Remote Code Execution Vulnerability — Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurati…
CVE-2018-1273
VMware Tanzu Spring Data Commons Property Binder Vulnerability — Spring Data Commons contains a property binder vulnerab
11:01 KSA
VMware Tanzu Spring Data Commons Property Binder Vulnerability — Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.
CVE-2018-13374
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability — Fortinet FortiOS and FortiADC contain an improper
11:01 KSA
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability — Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity te…
CVE-2018-13379
Fortinet FortiOS SSL VPN Path Traversal Vulnerability — Fortinet FortiOS SSL VPN web portal contains a path traversal vu
11:01 KSA
Fortinet FortiOS SSL VPN Path Traversal Vulnerability — Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
CVE-2018-13382
Fortinet FortiOS and FortiProxy Improper Authorization — An Improper Authorization vulnerability in Fortinet FortiOS and
11:01 KSA
Fortinet FortiOS and FortiProxy Improper Authorization — An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
CVE-2018-13383
Fortinet FortiOS and FortiProxy Out-of-bounds Write — A heap buffer overflow in Fortinet FortiOS and FortiProxy may caus
11:01 KSA
Fortinet FortiOS and FortiProxy Out-of-bounds Write — A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.
CVE-2018-14558
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability — Tenda AC7, AC9, and AC10 devices contain a command in
11:01 KSA
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability — Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker t…
CVE-2018-14667
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability — Red Hat JBoss RichFaces Framework contai
11:01 KSA
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability — Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute …
CVE-2018-14839
LG N1A1 NAS Remote Command Execution Vulnerability — LG N1A1 NAS 3718.510 is affected by a remote code execution vulnera
11:01 KSA
LG N1A1 NAS Remote Command Execution Vulnerability — LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.
CVE-2018-14847
MikroTik Router OS Directory Traversal Vulnerability — MikroTik RouterOS through 6.42 allows unauthenticated remote atta
11:01 KSA
MikroTik Router OS Directory Traversal Vulnerability — MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
CVE-2018-14933
NUUO NVRmini Devices OS Command Injection Vulnerability — NUUO NVRmini devices contain an OS command injection vulnerab
11:01 KSA
NUUO NVRmini Devices OS Command Injection Vulnerability — NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVE-2018-15133
Laravel Deserialization of Untrusted Data Vulnerability — Laravel Framework contains a deserialization of untrusted data
11:01 KSA
Laravel Deserialization of Untrusted Data Vulnerability — Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key …
CVE-2018-15811
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability — DotNetNuke (DNN) contains an inadequate encryption stren
11:01 KSA
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability — DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
CVE-2018-15961
Adobe ColdFusion Unrestricted File Upload Vulnerability — Adobe ColdFusion contains an unrestricted file upload vulnerab
11:01 KSA
Adobe ColdFusion Unrestricted File Upload Vulnerability — Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
CVE-2018-15982
Adobe Flash Player Use-After-Free Vulnerability — Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free V
11:01 KSA
Adobe Flash Player Use-After-Free Vulnerability — Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
CVE-2018-17463
Google Chromium V8 Remote Code Execution Vulnerability — Google Chromium V8 Engine contains an unspecified vulnerability
11:01 KSA
Google Chromium V8 Remote Code Execution Vulnerability — Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chro…
CVE-2018-17480
Google Chromium V8 Out-of-Bounds Write Vulnerability — Google Chromium V8 Engine contains out-of-bounds write vulnerabil
11:01 KSA
Google Chromium V8 Out-of-Bounds Write Vulnerability — Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize C…
CVE-2018-18325
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability — DotNetNuke (DNN) contains an inadequate encryption stren
11:01 KSA
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability — DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811…
CVE-2018-18809
TIBCO JasperReports Library Directory Traversal Vulnerability — TIBCO JasperReports Library contains a directory-travers
11:01 KSA
TIBCO JasperReports Library Directory Traversal Vulnerability — TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system.
CVE-2018-19320
GIGABYTE Multiple Products Unspecified Vulnerability — The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics
11:01 KSA
GIGABYTE Multiple Products Unspecified Vulnerability — The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected …
CVE-2018-19321
GIGABYTE Multiple Products Privilege Escalation Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App C
11:01 KSA
GIGABYTE Multiple Products Privilege Escalation Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by …
CVE-2018-19322
GIGABYTE Multiple Products Code Execution Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center,
11:01 KSA
GIGABYTE Multiple Products Code Execution Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of wa…
CVE-2018-19323
GIGABYTE Multiple Products Privilege Escalation Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App C
11:01 KSA
GIGABYTE Multiple Products Privilege Escalation Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a l…
CVE-2018-19410
Paessler PRTG Network Monitor Local File Inclusion Vulnerability — Paessler PRTG Network Monitor contains a local file i
11:01 KSA
Paessler PRTG Network Monitor Local File Inclusion Vulnerability — Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).
CVE-2018-19943
QNAP NAS File Station Cross-Site Scripting Vulnerability — A cross-site scripting vulnerability affecting QNAP NAS File
11:01 KSA
QNAP NAS File Station Cross-Site Scripting Vulnerability — A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
CVE-2018-19949
QNAP NAS File Station Command Injection Vulnerability — A command injection vulnerability affecting QNAP NAS File Statio
11:01 KSA
QNAP NAS File Station Command Injection Vulnerability — A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.
CVE-2018-19953
QNAP NAS File Station Cross-Site Scripting Vulnerability — A cross-site scripting vulnerability affecting QNAP NAS File
11:01 KSA
QNAP NAS File Station Cross-Site Scripting Vulnerability — A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
CVE-2018-20062
ThinkPHP "noneCms" Remote Code Execution Vulnerability — ThinkPHP "noneCms" contains an unspecified vulnerability that a
11:01 KSA
ThinkPHP "noneCms" Remote Code Execution Vulnerability — ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
CVE-2018-20250
WinRAR Absolute Path Traversal Vulnerability — WinRAR Absolute Path Traversal vulnerability leads to Remote Code Executi
11:01 KSA
WinRAR Absolute Path Traversal Vulnerability — WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
CVE-2025-47392
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
00:38 KSA
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
CVE-2026-33510
Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been disco
05:32 KSA
Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter (callbackUrl), which is passed to redirect and router.push. An attacker ca…
CVE-2026-35643
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject
08:18 KSA
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.
CVE-2026-35663
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request bro
16:36 KSA
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.
CVE-2026-35666
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/b
22:47 KSA
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.
CVE-2026-35669
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that
22:47 KSA
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges…
CVE-2026-5989
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. E
01:48 KSA
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and ma…
CVE-2026-5990
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter
01:48 KSA
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The expl…
CVE-2026-5991
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /gof
01:48 KSA
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made publ…
CVE-2026-5992
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2
03:48 KSA
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publ…
CVE-2026-6012
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file
03:48 KSA
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be …
CVE-2026-6013
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /g
07:54 KSA
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from …
CVE-2026-6014
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formA
13:55 KSA
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remot…
CVE-2026-6015
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/Qui
20:00 KSA
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch th…
CVE-2026-6016
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/W
20:00 KSA
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be init…
CVE-2021-47961
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to
04:18 KSA
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN tr…
CVE-2026-35653
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that all
16:36 KSA
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile throug…
CVE-2026-35660
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint tha
16:36 KSA
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an exp…
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to,
03:48 KSA
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization …
CVE-2024-14032
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that
11:36 KSA
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: me…
CVE-2025-47389
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
18:37 KSA
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
Memory corruption while preprocessing IOCTL request in JPEG driver.
Memory corruption while processing a frame request from user.
CVE-2026-21371
Memory Corruption when retrieving output buffer with insufficient size validation.
00:38 KSA
Memory Corruption when retrieving output buffer with insufficient size validation.
CVE-2026-21372
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
00:38 KSA
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
CVE-2026-35641
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that
08:18 KSA
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package director…
CVE-2026-35668
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to re
22:47 KSA
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in n…
CVE-2026-21367
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
00:38 KSA
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
CVE-2026-3360
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Ref
03:48 KSA
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function. The…
CVE-2026-35650
OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypa
10:19 KSA
OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsi…
CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under
05:16 KSA
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size lim…
CVE-2026-40074
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redir
05:16 KSA
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled T…
CVE-2026-5648
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /u
05:32 KSA
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is…
CVE-2026-5663
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEn
11:36 KSA
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the at…
CVE-2026-6004
A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the fil
03:48 KSA
A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id results in sql injection. It is possible to initiate the attack remotely. The exploit i…
CVE-2026-6024
A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfu
20:00 KSA
A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly dis…
CVE-2026-6031
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the
22:16 KSA
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been di…
CVE-2026-6036
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown fu
22:16 KSA
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. …
CVE-2026-6037
A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function
04:18 KSA
A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. …
CVE-2026-6038
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function
04:18 KSA
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCH_ID leads to sql injection. The attack may be performed from remote. Th…
CVE-2026-29002
CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin
04:18 KSA
CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request bo…
CVE-2026-29047
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user
05:32 KSA
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6.
CVE-2025-47400
Cryptographic issue while copying data to a destination buffer without validating its size.
00:38 KSA
Cryptographic issue while copying data to a destination buffer without validating its size.
CVE-2026-33704
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arb
03:25 KSA
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While …
CVE-2026-4162
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. Th
04:18 KSA
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscrib…
CVE-2026-21915
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweig
06:54 KSA
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root.
The CLI menu accepts input without carefully validating it, …
CVE-2021-47960
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows
19:18 KSA
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with …
CVE-2025-59969
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolki
04:48 KSA
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial …
CVE-2026-21919
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evol
09:54 KSA
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.
When NETCONF sessions are quickly …
CVE-2026-33774
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper N
20:54 KSA
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the dev…
CVE-2026-33775
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (b
23:01 KSA
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
If the authentication packe…
CVE-2026-35621
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validat
21:42 KSA
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to …
CVE-2026-35649
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny
23:44 KSA
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing int…
CVE-2026-35652
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows no
01:48 KSA
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation co…
CVE-2026-35656
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when
01:48 KSA
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote attackers can inject forged forwarding headers to bypass canvas authentication a…
CVE-2026-35657
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route
01:48 KSA
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulner…
CVE-2026-35658
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools
01:48 KSA
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.
CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.
12:36 KSA
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'webling_admin_save_form' and 'webling_admin_save…
CVE-2026-2305
The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_cod
14:54 KSA
The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta value…
CVE-2026-5999
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnounceme
14:54 KSA
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be us…
CVE-2026-6005
A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function
17:16 KSA
A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument hem_id can lead to sql injection. It is possible to launch the attack remotely. The…
A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edit_hpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been…
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injection. The attack can be launched remotely. The exploit has been made public and coul…
CVE-2026-6010
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknow
17:16 KSA
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploita…
CVE-2026-6030
A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of
19:18 KSA
A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been publis…
CVE-2026-6033
A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedet
19:18 KSA
A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploi…
CVE-2023-54358
WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated
04:48 KSA
WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile …
CVE-2023-54360
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicio
04:48 KSA
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers whe…
CVE-2023-54361
Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inje
04:48 KSA
Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter o…
CVE-2023-54362
Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to
04:48 KSA
Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the pr…
CVE-2023-54363
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to
04:48 KSA
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemi…
CVE-2023-54364
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to i
04:48 KSA
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_op…
CVE-2026-21904
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Network
06:54 KSA
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the
list filter field that, when visited by another user, enables the attacker to execute commands w…
CVE-2026-35667
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched k
05:54 KSA
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the …
CVE-2026-4305
The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the
12:36 KSA
The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter in all versions up to, and including, 1.0.16 due to insufficient input validation. This makes it possible for unauthenticated …
CVE-2026-35670
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies t
05:54 KSA
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect web…
CVE-2026-33773
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS
12:00 KSA
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.
When the sa…
CVE-2026-35655
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicti
01:48 KSA
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypa…
CVE-2026-6011
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the
19:18 KSA
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack c…
CVE-2026-33776
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user w
23:01 KSA
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.
A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will ex…
CVE-2026-2712
The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability che
12:36 KSA
The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()` function in `includes/class-wp-optimize-heartbeat.php` in all versions up to, and including, 4.5.0. This is due to the Heartbea…
CVE-2026-33119
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized
08:16 KSA
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35620
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handle
21:42 KSA
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fa…
CVE-2026-35647
OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks an
23:44 KSA
OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation…
CVE-2026-35654
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows
01:48 KSA
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback re…
CVE-2026-35661
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows
01:48 KSA
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct …
CVE-2026-35664
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired
03:50 KSA
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper a…
CVE-2026-35665
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request
03:50 KSA
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources b…
CVE-2026-4664
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to,
12:36 KSA
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the `create_review_permissions_check()` function comparing the user-supplied `key` parameter against the order's `ivole_s…
CVE-2026-5998
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file
14:54 KSA
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initi…
⚠️ Threat Intelligence
31 threats
rss:Mandiant Blog
—
15:33 KSA
<strong>What’s new with Google Cloud</strong>
This article provides an overview of Google Cloud's latest updates and announcements. It serves as a general informational resource rather than addressing specific cybersecurity threats or vulnerabilities.
Source: https://cloud.goog…
rss:Recorded Future
—
22:48 KSA
<strong>VIP Credential Monitoring Blog</strong>
Executives and high-privilege users face elevated credential theft risks that standard monitoring often fails to detect. VIP Credential Monitoring in Recorded Future Identity Intelligence provides enhanced protection for sensitive …
rss:SecurityWeek
—
00:04 KSA
<strong>Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users</strong>
Microsoft discovered a vulnerability in EngageLab SDK affecting millions of Android cryptocurrency wallet users. The security flaw was reported to the vendor one year ago, raising con…
rss:SecurityWeek
—
00:04 KSA
<strong>Google Rolls Out Cookie Theft Protections in Chrome</strong>
Google introduced Device Bound Session Credentials in Chrome to protect against session cookie theft. The new feature cryptographically binds authentication sessions to specific devices, rendering stolen cookie…
rss:SecurityWeek
—
00:04 KSA
<strong>Critical Marimo Flaw Exploited Hours After Public Disclosure</strong>
A critical unauthenticated vulnerability in Marimo was exploited in the wild within nine hours of public disclosure. The rapid weaponization demonstrates the immediate threat posed by publicly disclose…
rss:BleepingComputer
—
00:03 KSA
<strong>New VENOM phishing attacks steal senior executives' Microsoft logins</strong>
Cybercriminals are leveraging a new phishing-as-a-service platform called VENOM to target C-suite executives' Microsoft credentials across multiple industries. This sophisticated PhaaS ope…
rss:BleepingComputer
—
00:03 KSA
<strong>New ‘LucidRook’ malware used in targeted attacks on NGOs, universities</strong>
A newly discovered Lua-based malware called LucidRook is being deployed in targeted spear-phishing campaigns against NGOs and universities in Taiwan. The sophisticated malware represents an e…
rss:BleepingComputer
—
00:03 KSA
<strong>Google rolls out Gmail end-to-end encryption on mobile devices</strong>
Google has deployed end-to-end encryption for Gmail on Android and iOS devices, enabling enterprise users to securely read and compose emails without requiring additional tools. This security enhance…
rss:SecurityWeek
—
23:01 KSA
<strong>MITRE Releases Fight Fraud Framework</strong>
MITRE released the Fight Fraud Framework, a behavior-based model documenting tactics and techniques used by fraudsters. This framework helps organizations understand and defend against fraud-related cyber threats by providing…
rss:SecurityWeek
—
23:01 KSA
<strong>Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000</strong>
Google released Chrome 147 patching 60 security vulnerabilities including two critical flaws in the WebML component reported by anonymous researchers. Organizations should prioriti…
rss:SecurityWeek
—
23:01 KSA
<strong>Orthanc DICOM Vulnerabilities Lead to Crashes, RCE</strong>
Critical vulnerabilities discovered in Orthanc DICOM medical imaging software could allow attackers to execute arbitrary code remotely, cause system crashes through denial-of-service attacks, and disclose sensit…
rss:Dark Reading
—
23:01 KSA
<strong>Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?</strong>
Anthropic releases Mythos Preview AI model capable of discovering and exploiting critical zero-day vulnerabilities autonomously. The vendor implements security controls to prevent misuse, raising …
rss:Dark Reading
—
23:01 KSA
<strong>Industrial Controllers Still Vulnerable As Conflicts Move to Cyber</strong>
US government issues warning about targeted attacks on programmable logic controllers (PLCs) in industrial environments. Security research identifies 179 vulnerable operational technology devices…
rss:Dark Reading
—
23:01 KSA
<strong>Orange Business Reimagines Enterprise Voice Communications With Trust and AI</strong>
Orange Business announces enterprise voice communications solution integrating AI capabilities with security focus. The development represents evolution in corporate telecommunications …
rss:The Hacker News
—
23:01 KSA
<strong>Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure</strong>
A critical remote code execution vulnerability (CVE-2026-39987, CVSS 9.3) in Marimo Python notebook was exploited within 10 hours of public disclosure. The pre-authentication flaw allows atta…
rss:The Hacker News
—
23:01 KSA
<strong>Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers</strong>
Threat actors compromised Nextend's update servers to distribute a backdoored version of Smart Slider 3 Pro plugin (v3.5.1.35) for WordPress and Joomla. This supply chain attack all…
rss:The Hacker News
—
23:01 KSA
<strong>Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows</strong>
Google has released Device Bound Session Credentials (DBSC) for all Windows users of Chrome 146 to prevent session theft attacks. This security feature binds user sessions to specific devices,…
rss:BleepingComputer
—
23:00 KSA
<strong>Microsoft: Canadian employees targeted in payroll pirate attacks</strong>
Microsoft identifies Storm-2755, a financially motivated threat actor conducting 'payroll pirate' attacks against Canadian employees. The attackers hijack employee accounts to redirect and steal sa…
rss:BleepingComputer
—
23:00 KSA
<strong>CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads</strong>
Attackers compromised CPUID's API and modified download links on the official website to distribute malware through popular system monitoring tools CPU-Z and HWMonitor. This supply chain attack affec…
rss:BleepingComputer
—
23:00 KSA
<strong>Analysis of one billion CISA KEV remediation records exposes limits of human-scale security</strong>
Analysis of 1 billion CISA KEV remediation records by Qualys reveals that most critical vulnerabilities are exploited by attackers before defenders can patch them. This e…
rss:Malwarebytes Lab
—
21:50 KSA
<strong>ClickFix finds a new way to infect Macs</strong>
ClickFix malware campaigns have evolved to bypass macOS Tahoe security warnings by exploiting Script Editor instead of Terminal. This new technique circumvents Apple's built-in protections against malicious command executi…
rss:Malwarebytes Lab
—
21:50 KSA
<strong>Fake Claude site installs malware that gives attackers access to your computer</strong>
A sophisticated fake Claude AI website has been discovered distributing a trojanized application that secretly installs PlugX malware. The malicious site appears convincing and grants…
rss:SecurityWeek
—
21:49 KSA
<strong>Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday</strong>
US government issued warnings about Iran-linked threat actors actively manipulating PLCs and SCADA systems to cause operational disruption in critical infrastructure. The attacks …
rss:SecurityWeek
—
21:49 KSA
<strong>Juniper Networks Patches Dozens of Junos OS Vulnerabilities</strong>
Juniper Networks released security patches for dozens of vulnerabilities in Junos OS. A critical-severity flaw allows remote attackers to take complete control of vulnerable devices without authenticati…
rss:SecurityWeek
—
21:49 KSA
<strong>In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack</strong>
Multiple cybersecurity incidents reported including a cyberattack on Stryker medical devices company, a Windows zero-day vulnerability exploitation, and a breach of Chinese sup…
rss:Dark Reading
—
21:49 KSA
<strong>FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats</strong>
FINRA has established a Financial Intelligence Fusion Center to enhance collaboration and information sharing against cybersecurity threats and fraud targeting the fina…
rss:Dark Reading
—
21:49 KSA
<strong>Your Next Breach Will Look Like Business as Usual</strong>
Cybersecurity teams must fundamentally shift their detection models to identify credential-based attacks that blend with normal business operations. Traditional security tools struggle to detect these attacks as …
rss:Dark Reading
—
21:49 KSA
<strong>Hims Breach Exposes the Most Sensitive Kinds of PHI</strong>
Threat actors breached telehealth provider Hims, exposing highly sensitive personal health information including medical conditions related to hair loss, weight, and sexual health. The breach raises concerns ab…
rss:The Hacker News
—
21:48 KSA
<strong>Browser Extensions Are the New AI Consumption Channel That No One Is Talking About</strong>
A LayerX report reveals AI browser extensions represent a critical security blind spot in organizations' AI security strategies. While companies focus on shadow AI and GenAI consu…
rss:The Hacker News
—
21:48 KSA
<strong>GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs</strong>
The GlassWorm campaign has evolved to use a new Zig-based dropper that targets and infects all integrated development environments (IDEs) on developers' machines through malicious Open VSX ext…
rss:BleepingComputer
—
21:48 KSA
<strong>Nearly 4,000 US industrial devices exposed to Iranian cyberattacks</strong>
Iranian-linked hackers are targeting US critical infrastructure with nearly 4,000 Internet-exposed Rockwell Automation PLCs vulnerable to attack. This represents a significant threat to industria…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Friday, April 10, 2026
CVE Archive ·
Threats ·
News