Aggregator

A vulnerability was found in Oracle MySQL Server up to 8.0.45/8.4.8/9.6.0. It has been rated as problematic. The impacted element is an unknown function of the component InnoDB. The manipulation leads to denial of service. This vulnerability is listed as CVE-2026-22004. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Framework Filter Package up to 3.0.5/4.0.1 on Joomla. Affected is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-48905. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5/9.0. It has been classified as critical. This affects an unknown part. The manipulation leads to code injection. This vulnerability is documented as CVE-2026-8633. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5/9.0. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Request Handler. This manipulation causes http request smuggling. This vulnerability appears as CVE-2026-8620. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

维基媒体基金会在五月中旬解雇了 MediaWiki 资深首席开发者 Brooke Vibber，5 月 21 日解散了 Community Tech 团队，五名工程师和一名经理全部离职。他们多数人都是工会组织者。Brooke Vibber 于 2003 年初担任 MediaWiki 项目的首席开发者，维基百科就运行在 MediaWiki 之上，她是维基媒体基金会聘用的第一位全职员工，也是首位 CTO，她被认为是少数深入理解系统技术底层的资深开发者。而 Community Tech 团队旨在通过 Community Wishlist 实现社区志愿者们想要的功能。维基媒体基金会此举立即引发了志愿者的抗议，社区志愿者准备采取罢工等集体行动。这是首次志愿者与基金会员工联合发起声援行动。名叫 Femke 的管理员认为一个致力于造福社会的组织，不应该在没有工会的情况下运作。维基媒体基金会拥有 2.966 亿美元的储备金，足以支付 17.1 个月的运营支出。而工会 Wiki Workers United 只要求：领导层对员工和社区保持透明和负责；决策前倾听员工对年度规划的建议；告别朝令夕改的招人、辞退与晋升乱象，等等，相当的温和。

维基媒体基金会在五月中旬解雇了 MediaWiki 资深首席开发者 Brooke Vibber，5 月 21 日解散了 Community Tech 团队，五名工程师和一名经理全部离职。他

苹果公司可能计划借鉴安卓的防盗妙招苹果公司正在开发一项功能，该功能可以在iPhone被用户抢走时自动锁定。该功能预计将借鉴安卓的 “被盗检测锁定” 机制，利用多种信号的组合来判断手机是否被抢夺。目前苹

Microsoft recently initiated the distribution of its May “C” preview update for Windows 11. This release serves as an early testing vehicle for upcoming capabilities. Consequently, these components will undergo validation before merging into...

The post Architectural Refinements and Feature Modernization in the Latest Windows 11 Preview Deployment appeared first on Information Security News.

A vulnerability, which was classified as critical, was found in ProjeQtor up to 12.4.3. This impacts an unknown function of the file dynamicDialog.php. Executing a manipulation of the argument logname can lead to path traversal. This vulnerability is registered as CVE-2026-41465. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability classified as problematic was found in OpenClaw up to 2026.4.7. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to incorrect authorization. This vulnerability is tracked as CVE-2026-42432. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Filehippo Free Download Manager 2.0. This impacts an unknown function of the component URL File Handler. The manipulation leads to buffer overflow. This vulnerability is referenced as CVE-2018-25304. The attack can only be performed from a local environment. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in VideoFlow Digital Video Protection 1.40.0.15/2.10/2.10.0.5. This affects an unknown part of the file downloadsys.pl. Performing a manipulation of the argument ID results in path traversal. This vulnerability is cataloged as CVE-2018-25311. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Shenzhen Yipu WDR201A WiFi Extender up to 1.02. Affected is the function set_wifi_basic of the file wireless.cgi. The manipulation of the argument sz11gChannel/PIN leads to os command injection. This vulnerability is traded as CVE-2026-41922. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability marked as critical has been reported in Rajodiya ERPGo SaaS 3.9. Affected by this vulnerability is an unknown functionality of the component CSV File Handler. This manipulation of the argument vendor name causes csv injection. This vulnerability is handled as CVE-2023-54348. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as problematic was found in OpenClaw up to 2026.4.9. This vulnerability affects unknown code. Executing a manipulation can lead to allocation of resources. The identification of this vulnerability is CVE-2026-42437. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in X.org X11 Server. Affected is an unknown function of the component X Keyboard Extension. This manipulation causes buffer access with incorrect length value. This vulnerability is registered as CVE-2026-34002. The attack needs to be launched locally. No exploit is available.

A vulnerability was found in Scott Paterson easy-paypal-events-tickets up to 1.3 on WordPress. It has been declared as problematic. This impacts an unknown function of the file scan_qr.php of the component QR Code Scanning Endpoint. The manipulation results in authorization bypass. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2026-41471. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Jules Colle Conditional Fields for Contact Form 7 up to 2.7.2 on WordPress. It has been classified as problematic. This affects the function hide_hidden_mail_fields_regex_callback of the component REST API Endpoint. The manipulation leads to improper validation of specified quantity in input. This vulnerability is referenced as CVE-2026-25863. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.