Aggregator

A vulnerability was found in Modal Popup Box Plugin up to 1.5.2 on WordPress and classified as critical. The impacted element is the function awl_modal_popup_box_shortcode. The manipulation results in code injection. This vulnerability is known as CVE-2024-2008. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Tag and Category Manager Plugin up to 3.13.0 on WordPress. It has been declared as problematic. This impacts an unknown function of the component Shortcode Handler. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2830. The attack can be launched remotely. No exploit exists.

A vulnerability classified as problematic was found in CGC Maintenance Mode Plugin up to 1.2 on WordPress. Affected is an unknown function. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2024-1418. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability was found in devitemsllc ShopLentor Plugin up to 2.8.3 on WordPress and classified as problematic. The affected element is an unknown function. Such manipulation of the argument slitems leads to cross site scripting. This vulnerability is listed as CVE-2024-2868. The attack may be performed from remote. There is no available exploit.

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions (complete list

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内。首先，我需要快速浏览文章，抓住主要信息。文章讲的是发现了108个Chrome扩展程序，它们被用来窃取用户数据和进行浏览器层面的滥用。这些扩展程序通过同一个命令控制基础设施运作，窃取Google账户信息、注入广告和JavaScript代码。 接下来，我注意到这些扩展程序伪装成各种合法工具，比如Telegram客户端、游戏和翻译工具。它们通过OAuth2窃取Google账户身份，并且在后台运行恶意代码，捕获会话信息。此外，这些扩展还剥离了YouTube和TikTok的安全头，注入赌博覆盖层和广告。 文章还提到，所有108个扩展共享同一个后端服务器，并且在代码中发现了俄语评论。目前还不清楚是谁在背后操纵这些扩展程序。最后，建议用户立即删除这些扩展，并从Telegram移动应用中注销所有Web会话。 现在我要把这些信息浓缩到100字以内。需要包括发现的扩展数量、它们的功能、伪装成合法工具、窃取数据、注入广告和JavaScript代码、后端服务器以及建议删除扩展等关键点。 可能的结构是：描述发现的恶意Chrome扩展数量及其目的，伪装成合法工具，窃取数据并注入广告/脚本，所有共享同一后端，并建议删除。 这样应该能在100字以内准确传达文章的核心内容。 研究人员发现108款恶意Chrome扩展程序通过伪装成合法工具窃取用户数据并注入广告及脚本代码。这些扩展共享同一后端服务器，并利用OAuth2等技术窃取Google账户信息及Telegram会话数据。建议用户立即删除相关扩展以防止进一步风险。

A vulnerability, which was classified as problematic, was found in arraytics Eventin Plugin up to 4.1.8 on WordPress. Impacted is the function get_item_permissions_check. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-4109. The attack can be executed remotely. There is not any exploit available.

VK предлагает сделать «Дзен» национальной информационной платформой.

好的，我现在要帮用户总结这篇文章。首先，我需要仔细阅读文章内容，理解其主要信息。文章讲的是欧盟立法机构和各国政府达成协议，提高钢铁进口关税，以保护本地产业，特别是针对中国等国家的廉价竞争。 接下来，我需要确定用户的需求。用户要求用中文总结，控制在100字以内，并且不要以“文章内容总结”或“这篇文章”开头。这意味着我需要直接描述文章内容。 然后，我要提取关键信息：欧盟提高了钢铁关税至50%，削减了47%的免税额度，将免税配额减少到1830万吨，并且议案需要欧洲理事会和议会批准才能生效。此外，现行关税将在六月底结束。 现在，我要将这些信息浓缩成一句话或几句话，确保不超过100字。同时要保持语言简洁明了，不使用复杂的词汇。 最后，检查是否符合所有要求：字数控制、开头方式、信息准确无误。确保没有遗漏重要细节，并且表达清晰。 欧盟与各国政府达成协议,将钢铁进口关税提高至50%,并大幅削减免税额度,以保护本地钢铁产业,防止中国等国廉价竞争。

A vulnerability has been found in Mozilla Firefox up to 148 and classified as critical. Affected is an unknown function of the component JavaScript Engine. This manipulation causes type confusion. This vulnerability is tracked as CVE-2026-4702. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as problematic was found in Mozilla Firefox up to 148. This issue affects some unknown processing of the component HTTP. Such manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2026-4700. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 148. This impacts an unknown function of the component JavaScript Engine. The manipulation results in use after free. This vulnerability is identified as CVE-2026-4701. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 148. This vulnerability affects unknown code of the component JIT. This manipulation causes type confusion. The identification of this vulnerability is CVE-2026-4698. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 148. The impacted element is an unknown function of the component Fonts. Executing a manipulation can lead to memory corruption. The identification of this vulnerability is CVE-2026-4699. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Mozilla Firefox up to 148. This vulnerability affects unknown code of the component Fonts. The manipulation results in use after free. This vulnerability is known as CVE-2026-4696. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 148. This affects an unknown function of the component Web Codecs. The manipulation leads to memory corruption. This vulnerability is referenced as CVE-2026-4697. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Mozilla Firefox up to 148. This issue affects some unknown processing of the component Web Codecs. This manipulation causes memory corruption. This vulnerability is handled as CVE-2026-4695. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

2026年4月14日，深瞳漏洞实验室监测到一则Marimo组件存在绕过认证漏洞的信息，漏洞编号：CVE-2026-39987，漏洞威胁等级：高危。