Posts of last 24 hours
A vulnerability was found in Apache Gravitino up to 1.2.0 and classified as critical. Affected by this issue is the function testConnection of the component testConnection API. Executing a manipulation of the argument INIT can lead to improper input validation.
This vulnerability appears as CVE-2026-41042. The attack may be performed from remote. There is no available exploit.
https://vuldb.com/vuln/376829
A vulnerability has been found in joedolson My Calendar Plugin up to 3.7.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Authentication Handler. Performing a manipulation of the argument mc_auth results in sql injection.
This vulnerability is reported as CVE-2026-6854. The attack is possible to be carried out remotely. No exploit exists.
https://vuldb.com/vuln/376828
Attestiv announced the launch of DeepScan, a new platform built to help organizations automatically validate submitted files before they drive critical business decisions. DeepScan represents a major architectural shift for Attestiv and its customers: moving from detecting fake or manipulated media in isolation to validating whether submitted photos, documents, audio, and video can be inherently trusted within the specific context of a business workflow. “Deepfake detection has become a necessary part of validating customer-submitted files, … More →
The post Attestiv DeepScan combines AI and forensic analysis for file validation appeared first on Help Net Security.
https://www.helpnetsecurity.com/2026/07/08/attestiv-deepscan/
A vulnerability, which was classified as critical, was found in Tainacan Plugin up to 1.0.3. Affected is an unknown function of the component Query Handler. Such manipulation of the argument geoquery leads to sql injection.
This vulnerability is documented as CVE-2026-6230. The attack can be executed remotely. There is not any exploit available.
https://vuldb.com/vuln/376827
A vulnerability, which was classified as critical, has been found in themehunk Login Registration Plugin up to 1.0.2. This impacts the function handle_frontend_register of the file /thlogin/v1/register of the component REST endpoint. This manipulation of the argument role causes incorrectly-resolved name.
This vulnerability is registered as CVE-2026-14250. Remote exploitation of the attack is possible. No exploit is available.
https://vuldb.com/vuln/376826
A vulnerability classified as critical was found in wclovers WCFM Membership Plugin up to 2.11.10. This affects the function wcfmvm_membership_change of the component AJAX Action. The manipulation results in improper control of resource identifiers.
This vulnerability is cataloged as CVE-2026-3688. The attack may be launched remotely. There is no exploit available.
https://vuldb.com/vuln/376825
A vulnerability classified as critical has been found in devitemsllc Recurio Plugin up to 1.1.3. The impacted element is an unknown function of the component SQL Query Handler. The manipulation of the argument data leads to sql injection.
This vulnerability is listed as CVE-2026-12936. The attack may be initiated remotely. There is no available exploit.
https://vuldb.com/vuln/376824
Принц Гарри потерпел первое крупное поражение в серии исков против британских таблоидов.
https://www.securitylab.ru/news/574597.php
DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback. [...]
https://www.bleepingcomputer.com/news/software/duckduckgo-browser-now-blocks-youtube-video-ads/
超越 BBA。
https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653110024&idx=1&sn=c7cb132d8d57e69e260160aa781c4f06