Posts of last 24 hours
https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247501854&idx=1&sn=8053ab8b23dc73ea37bca690299df853
A vulnerability categorized as problematic has been discovered in Limatek System LimRAD NAC up to 08072026. Impacted is an unknown function of the component Web Page Generation. Such manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2026-6371. The attack can be launched remotely. No exploit exists.
https://vuldb.com/vuln/376833
Абонент из Алтайского края побил антирекорд по числу звонков от мошенников в 2026 году.
https://www.securitylab.ru/news/574617.php
A vulnerability was found in e4jvikwp VikBooking Plugin up to 1.8.8. It has been rated as problematic. This issue affects some unknown processing of the component Booking Engine. This manipulation of the argument special_requests causes cross site scripting.
This vulnerability is handled as CVE-2026-6818. The attack can be initiated remotely. There is not any exploit available.
https://vuldb.com/vuln/376832
A vulnerability was found in mdempfle Advanced iFrame Plugin up to 2026.1. It has been declared as problematic. This vulnerability affects unknown code of the component Input Handler. The manipulation of the argument additional results in cross site scripting.
This vulnerability is known as CVE-2026-6742. It is possible to launch the attack remotely. No exploit is available.
https://vuldb.com/vuln/376831
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.
https://krebsonsecurity.com/2026/07/felons-fraudsters-flog-offensive-cybersecurity-startup/
A vulnerability was found in seedprod Website Builder by SeedProd Plugin up to 6.20.2. It has been classified as problematic. This affects an unknown part of the component Nested Menu Widget. The manipulation of the argument attributes leads to cross site scripting.
This vulnerability is traded as CVE-2025-14785. It is possible to initiate the attack remotely. There is no exploit available.
https://vuldb.com/vuln/376830
Sygnia report details how agentic AI accelerated weeks-long attack to just 72 hours
https://www.infosecurity-magazine.com/news/threat-actor-agentic-ai-cloud/
A vulnerability was found in Apache Gravitino up to 1.2.0 and classified as critical. Affected by this issue is the function testConnection of the component testConnection API. Executing a manipulation of the argument INIT can lead to improper input validation.
This vulnerability appears as CVE-2026-41042. The attack may be performed from remote. There is no available exploit.
https://vuldb.com/vuln/376829
A vulnerability has been found in joedolson My Calendar Plugin up to 3.7.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Authentication Handler. Performing a manipulation of the argument mc_auth results in sql injection.
This vulnerability is reported as CVE-2026-6854. The attack is possible to be carried out remotely. No exploit exists.
https://vuldb.com/vuln/376828