Aggregator

A vulnerability identified as critical has been detected in Crocoblock JetEngine Plugin up to 3.8.8.1 on WordPress. The affected element is an unknown function. The manipulation leads to sql injection. This vulnerability is documented as CVE-2026-42774. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in eMagicOne Store Manager Plugin up to 1.3.2 on WordPress. Impacted is an unknown function. Executing a manipulation can lead to sql injection. This vulnerability is registered as CVE-2026-42773. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Perl up to 5.43.10 on 32-bit. It has been rated as critical. This issue affects the function Perl_study_chunk of the file regcomp_study.c. Performing a manipulation results in integer overflow to buffer overflow. This vulnerability is cataloged as CVE-2026-8376. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

F-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices and online activity through malware protection, scam prevention, safe browsing, and banking safeguards. The platform supports Windows, macOS, Android, and iOS devices under a single subscription. After downloading the Android app from the Play Store, I created an account and started using it. The setup process included enabling Device Protection, VPN, Scam Protection, and ID … More →

The post Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams appeared first on Help Net Security.

A vulnerability was found in bgermann CformsII Plugin up to 15.1.3 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2026-39436. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Melapress WP Activity Log Plugin up to 5.6.3 on WordPress. It has been classified as problematic. This affects an unknown part. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-45435. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in StoreApps Smart Manager Plugin up to 8.85.0 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation results in incorrect privilege assignment. This vulnerability is identified as CVE-2026-45216. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in edward_plainview MyCryptoCheckout Plugin up to 2.161 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-45209. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in VideoWhisper Broadcast Live Video Plugin up to 7.1.2 on WordPress. Affected is an unknown function. Executing a manipulation can lead to code injection. The identification of this vulnerability is CVE-2026-24937. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Unlimited Elements For Elementor Plugin up to 2.0.8 on WordPress. This impacts an unknown function. Performing a manipulation results in sql injection. This vulnerability was named CVE-2026-48837. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in WebToffee Smart Coupons for WooCommerce Plugin up to 2.2.x on WordPress. This affects an unknown function. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-45438. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in thexerteproject xerteonlinetoolkits up to 3.15.0. Impacted is an unknown function of the file /setup of the component GET Request Handler. The manipulation of the argument root_path leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is referenced as CVE-2026-41459. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in OpenClaw up to 2026.4.9. Affected by this vulnerability is an unknown functionality of the file /dreaming. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-43568. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in givanz Vvveb up to 1.0.8.2. The affected element is an unknown function of the file plugin.php of the component Plugin Upload Endpoint. Executing a manipulation can lead to unrestricted upload. This vulnerability is handled as CVE-2026-41937. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

ALFA – Automated Audit Log Forensic Analysis for Google Workspace You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics...

The post ALFA: Automated Audit Log Forensic Analysis for Google Workspace appeared first on Information Security News.

Why are machine identities becoming the majority of “things with access”? Every automation, integration, and workload needs a way to authenticate and the right permissions to act. That quiet requirement has created a massive population of machine identities, also called non-human identities (NHIs): service accounts, service principals, workload roles, OAuth apps, AI agents, and IAM roles. Machine identities authenticate using credentials like access keys, secrets, and tokens. Many of these identities hold privileges equal to … More →

The post Manage machine identities: The hidden privileged access layer you need to manage appeared first on Help Net Security.

Игры спасают от тревоги и изоляции — и наука наконец это доказала.

Over an extended operational horizon, a substantial contingent of enterprise practitioners utilizing HP’s premium notebook architecture has filed severe telemetry complaints regarding acute device regression post-installation of recent BIOS/UEFI firmware updates. The systemic anomalies...

The post The Auto-Bricker: Flawed HP BIOS Updates Pushed via Windows Update Freeze Elite Laptops appeared first on Information Security News.

Elon Musk recently disclosed exciting news regarding xAI. The company expects to release its nascent frontier model within the next two to three weeks. Code-named Grok V9-Medium, this powerful architecture boasts an immense scale...

The post The Trillion-Parameter Engineer: Musk Unveils Grok V9-Medium Armed with Cursor Coding Data appeared first on Information Security News.

A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool’s NTFS archive handler. Tracked as CVE-2026-48095 and assigned advisory GHSL-2026-140, the flaw resides in the CInStream::GetCuSize() function inside NtfsHandler.cpp. The function computes the NTFS […]

The post New 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code and Compromise Systems appeared first on Cyber Security News.