Aggregator

A vulnerability was found in open-webui Open WebUI up to 0.8.10. It has been classified as critical. This impacts an unknown function. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-34222. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in himmelblau-idm himmelblau up to 2.3.8/3.1.0 and classified as critical. This affects an unknown function of the component NSS Module. Executing a manipulation can lead to improper privilege management. This vulnerability is handled as CVE-2026-34397. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in auth0 auth0-PHP up to 8.18.x and classified as problematic. The impacted element is an unknown function. Performing a manipulation results in insufficient entropy. This vulnerability is known as CVE-2026-34236. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

记录一次php代码审计

Discover why 67% of security alerts go uninvestigated and how an AI intelligence layer closes the gap without replacing your SIEM.

The post The AI Intelligence Layer for SIEM, Explained: What It Does, Why It Matters, and How to Evaluate One appeared first on D3 Security.

The post The AI Intelligence Layer for SIEM, Explained: What It Does, Why It Matters, and How to Evaluate One appeared first on Security Boulevard.

本文深入探讨了 JEEWMS v3.7中存在的四个远程代码执行漏洞。作者受SUCTF启发，详细展示了如何通过绕过鉴权逻辑来利用未授权的高危接口。指出其安全性问题本质上源于鉴权机制不严以及文件/路径处理逻辑中的过滤缺失。文章提供了详细的调试过程、Payload 构造及复现截图，具有实操参考价值。

JeecgBoot ≤3.4.0 验证码逻辑缺陷导致任意用户注册漏洞核心问题是由于系统对Redis缓存Key设计不严谨、验证码来源未做业务隔离、校验逻辑存在权限所导致

1. 深度分析Dridex分析 2. 介绍分析过程中的各种技巧 3. 编写脚本提取C2

Smartbi的RMIServlet接口由于其方法调用的功能，出现过非常多漏洞，以这个接口为切入点，开始分析其出现过的部分历史漏洞。

OpenClaw作为最近爆火的AI应用，其设计者已深刻意识到了外部攻击面的风险，并构建了多层的静态防护机制，但当攻击者利用长上下文的认知负载和任务导向性等手段逐步诱导AI忽略安全边界时，AI 似乎难以始终守住边界，最终仍可能执行恶意命令。

A vulnerability categorized as problematic has been discovered in Tobias Conrad Builder for WooCommerce Reviews Shortcodes Plugin up to 1.01.3 on WordPress. This affects an unknown function. Such manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-29093. The attack can be launched remotely. No exploit exists.

A vulnerability was found in YITH WooCommerce Product Add-Ons Plugin up to 4.5.0 on WordPress. It has been rated as problematic. The affected element is an unknown function. This manipulation causes cross site scripting. This vulnerability appears as CVE-2024-27994. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as problematic has been discovered in Typps Calendarista Basic Edition Plugin up to 3.0.2 on WordPress. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-27993. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in WPFunnels Team WPFunnels Plugin up to 3.0.6 on WordPress. The affected element is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2024-27965. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in WP Lab WP-Lister Lite for Amazon Plugin up to 2.6.11 on WordPress. This affects an unknown part. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2024-2889. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in WP Lab WP-Lister Lite for Amazon Plugin up to 2.6.8 on WordPress. Impacted is an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2024-30199. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Andy Moyle Church Admin Plugin up to 4.0.26 on WordPress. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-30197. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in Cloudways Breeze Plugin up to 2.1.3 on WordPress. Impacted is an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2024-27188. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in Supsystic Photo Gallery Plugin up to 1.15.16 on WordPress. This impacts an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2024-29921. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Andy Moyle Church Admin Plugin up to 4.1.17 on WordPress. It has been classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross site scripting. This vulnerability appears as CVE-2024-30193. The attack may be initiated remotely. There is no available exploit.