Posts of last 24 hours
A vulnerability, which was classified as problematic, has been found in room34 ICS Calendar Plugin up to 12.0.9 on WordPress. Affected by this issue is some unknown functionality of the component Shortcode Handler. This manipulation of the argument htmltagtitle causes cross site scripting.
This vulnerability is registered as CVE-2026-9838. Remote exploitation of the attack is possible. No exploit is available.
https://vuldb.com/vuln/377456
A vulnerability classified as problematic was found in prasunsen Hostel Plugin up to 1.1.7 on WordPress. Affected by this vulnerability is the function wphostel-book of the component Shortcode Handler. The manipulation of the argument text results in cross site scripting.
This vulnerability is cataloged as CVE-2026-3907. The attack may be launched remotely. There is no exploit available.
https://vuldb.com/vuln/377455
本应阻止AI编码智能体运行危险命令的安全检查,可以用一个公开了几十年的Shell技巧直接绕过。
https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247543476&idx=1&sn=dadf52119d907f0ea21f5c161ce4ef4c
A vulnerability classified as critical has been found in fahadmahmood Easy Upload Files During Checkout Plugin up to 3.0.1 on WordPress. Affected is the function ufdc_custom_init of the component File Deletion Handler. The manipulation of the argument eufdc-delete leads to missing authorization.
This vulnerability is listed as CVE-2026-6802. The attack may be initiated remotely. There is no available exploit.
https://vuldb.com/vuln/377454
Microsoft has said the volume of Windows security updates is set to grow as it uses AI to find new bugs
https://www.infosecurity-magazine.com/news/microsoft-increase-number-security/
OpenRouter 的数据显示:美国企业每周调用中国 AI 的占比按代表数据处理量的“词元”统计,自 2 月起突破30%,峰值达 46%。相比下 2025 年上半年仅 4% 左右。背景是美国本土 AI 使用成本升高。美国OpenAI 及美国 Anthropic 等高端模型的性能不断提高,可自动处理长时间、高复杂度的任务。但随着企业在内部业务、面向客户服务中广泛使用 AI,词元的消耗量增加,使用成本增加。OpenRouter 平台拥有 800 万用户,以工程师群体为主,每输出 100 万词元(约对应 70 万英文词汇)的收费标准方面,Anthropic 的“Claude Opus 4.7”收费 25 美元,而最热门的 DeepSeek V4 Flash 仅收费 0.18 美元,成本不足前者的 1%。
https://www.solidot.org/story?sid=84799
A vulnerability described as problematic has been identified in arraytics Eventin Plugin up to 4.1.15 on WordPress. This impacts an unknown function of the component FAQ Content Handler. Executing a manipulation of the argument etn_faq_content can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-12924. The attack can be launched remotely. No exploit exists.
https://vuldb.com/vuln/377453
A vulnerability marked as problematic has been reported in looswebstudio Highlighting Code Block Plugin up to 2.2.0 on WordPress. This affects an unknown function of the component Admin Settings Handler. Performing a manipulation results in cross site scripting.
This vulnerability is identified as CVE-2026-12108. The attack can be initiated remotely. There is not any exploit available.
https://vuldb.com/vuln/377452
重构正则底层,解锁 Yakit MITM 匹配性能新上限
https://mp.weixin.qq.com/s?__biz=Mzk0MTM4NzIxMQ==&mid=2247529987&idx=1&sn=da4ed019de1b08cc07b5ad961bdc2295
A vulnerability labeled as problematic has been found in wplegalpages Cookie Banner for GDPR CCPA Plugin up to 4.3.6 on WordPress. The impacted element is an unknown function of the component Cookie Consent Handler. Such manipulation of the argument scan_id leads to sql injection.
This vulnerability is referenced as CVE-2026-14475. It is possible to launch the attack remotely. No exploit is available.
https://vuldb.com/vuln/377451