Posts of last 24 hours
A vulnerability, which was classified as critical, has been found in themehunk Login Registration Plugin up to 1.0.2. This impacts the function handle_frontend_register of the file /thlogin/v1/register of the component REST endpoint. This manipulation of the argument role causes incorrectly-resolved name.
This vulnerability is registered as CVE-2026-14250. Remote exploitation of the attack is possible. No exploit is available.
https://vuldb.com/vuln/376826
A vulnerability classified as critical was found in wclovers WCFM Membership Plugin up to 2.11.10. This affects the function wcfmvm_membership_change of the component AJAX Action. The manipulation results in improper control of resource identifiers.
This vulnerability is cataloged as CVE-2026-3688. The attack may be launched remotely. There is no exploit available.
https://vuldb.com/vuln/376825
A vulnerability classified as critical has been found in devitemsllc Recurio Plugin up to 1.1.3. The impacted element is an unknown function of the component SQL Query Handler. The manipulation of the argument data leads to sql injection.
This vulnerability is listed as CVE-2026-12936. The attack may be initiated remotely. There is no available exploit.
https://vuldb.com/vuln/376824
Принц Гарри потерпел первое крупное поражение в серии исков против британских таблоидов.
https://www.securitylab.ru/news/574597.php
DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback. [...]
https://www.bleepingcomputer.com/news/software/duckduckgo-browser-now-blocks-youtube-video-ads/
超越 BBA。
https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653110024&idx=1&sn=c7cb132d8d57e69e260160aa781c4f06
China-linked UNK_MassTraction targets US and Canadian universities through Roundcube flaws, stealing sessions and opening access to research mail servers.
https://hackread.com/unk-masstraction-roundcube-us-canada-universities/
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps "Verified."
Everything a reviewer would check matches. The commit's hash does not. That matters
https://thehackernews.com/2026/07/github-verified-commits-can-be.html
Национальный центр кибербезопасности Британии предупредил об атаках на устройства Fortinet.
https://www.securitylab.ru/news/574595.php
https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&mid=2247497802&idx=1&sn=8aac08f6fc6e24e8380cc7169f0e6a71