Posts of last 24 hours
关键词漏洞你的杀毒软件,可能正在成为攻击者的"最佳帮凶"。
https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077782&idx=1&sn=7618468fc5072e3fefd2e8f69fe0eefa
Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure.
The apps flagged with at least one problem have been installed more than 2.4 billion times.
The problems are basic, not sophisticated. 29 apps let user traffic leak outside
https://thehackernews.com/2026/07/study-of-281-free-android-vpn-apps.html
EDPB指引 VS. 中国国家标准
https://mp.weixin.qq.com/s?__biz=MzIxODM0NDU4MQ==&mid=2247508681&idx=1&sn=0142d5d669fe36fbac467092ef85be64
A vulnerability labeled as problematic has been found in wplegalpages Cookie Banner for GDPR CCPA Plugin up to 4.3.6 on WordPress. The impacted element is an unknown function of the component Cookie Consent Handler. Such manipulation of the argument scan_id leads to sql injection.
This vulnerability is referenced as CVE-2026-14475. It is possible to launch the attack remotely. No exploit is available.
https://vuldb.com/vuln/377451
A vulnerability classified as problematic was found in logichunt Logo Slider Plugin up to 5.5 on WordPress. This vulnerability affects unknown code of the component Tooltip Handler. Such manipulation of the argument lgx_tooltip_position leads to cross site scripting.
This vulnerability is listed as CVE-2026-13247. The attack may be performed from remote. There is no available exploit.
https://vuldb.com/vuln/377469
本次案例表明,Web3 钓鱼攻击正逐步演变为以真实服务和可信界面包装的多阶段社会工程攻击,最终目标仍是窃取用户终端数据与加密资产。
https://mp.weixin.qq.com/s?__biz=MzU4ODQ3NTM2OA==&mid=2247505394&idx=1&sn=9c8f39fc6a7bcd317482f86995c45a68
A vulnerability, which was classified as problematic, has been found in GPAC up to 2.0.x. The affected element is an unknown function. The manipulation leads to uncontrolled recursion.
This vulnerability is listed as CVE-2022-3222. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
https://vuldb.com/vuln/208644
A vulnerability described as critical has been identified in Sophos Firewall up to 19.4. The affected element is an unknown function of the component SSL VPN Configuration Upload Handler. Executing a manipulation can lead to os command injection.
This vulnerability is registered as CVE-2022-3226. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
https://vuldb.com/vuln/214661
A vulnerability was found in Advanced Comment Form Plugin up to 1.2.0 on WordPress. It has been rated as problematic. This affects an unknown part of the component Setting Handler. Performing a manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2022-3220. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.
https://vuldb.com/vuln/210400
A vulnerability, which was classified as critical, was found in D-Link DIR-2150. Affected by this vulnerability is the function ui_upload of the component xupnpd. The manipulation results in command injection.
This vulnerability is reported as CVE-2022-3210. The attacker must have access to the local network to execute the attack. No exploit exists.
You should upgrade the affected component.
https://vuldb.com/vuln/211333