Aggregator

CVE-2026-11989 | bitpressadmin Bit integrations Plugin up to 2.8.7 on WordPress Attachment Field server-side request forgery (EUVD-2026-37985)

Vuldb Updates
4 days 15 hours ago
A vulnerability described as critical has been identified in bitpressadmin Bit integrations Plugin up to 2.8.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Attachment Field Handler. Executing a manipulation can lead to server-side request forgery. This vulnerability appears as CVE-2026-11989. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-41715 | Vmware Spring Reactor Netty up to 1.0.51/1.1.35/1.2.17/1.3.5 HTTP Redirect insufficiently protected credentials (EUVD-2026-35322)

Vuldb Updates
4 days 15 hours ago
A vulnerability marked as critical has been reported in Vmware Spring Reactor Netty up to 1.0.51/1.1.35/1.2.17/1.3.5. Impacted is an unknown function of the component HTTP Redirect Handler. Performing a manipulation results in insufficiently protected credentials. This vulnerability is cataloged as CVE-2026-41715. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Weekly Update 509

Troy Hunt
4 days 15 hours ago

I know enough about home cinema audiovisual to know there's a lot I don't know. It's conscious incompetence, if you like, which is different to the unconscious incompetence most people have on the topic. That's not to sound derogatory (it's

Troy Hunt

Product showcase: How to evaluate AI SOC platforms and where Prophet AI leads

Help Net Security
4 days 16 hours ago

The Agentic SOC market is loud. Dozens of vendors promise to take alert triage, investigation, and response off your analysts’ plates, but most claims have never been tested in production. The hard part is separating operational improvement from this marketing noise. Gartner makes the stakes concrete. In Validate the Promises of AI SOC Agents With These Key Questions, analysts Craig Lawson and Andrew Davies project that 70% of large SOCs will pilot AI agents for … More →

The post Product showcase: How to evaluate AI SOC platforms and where Prophet AI leads appeared first on Help Net Security.

Help Net Security

ZDI-CAN-31587: OriginLab

ZDI: Upcoming Advisories
4 days 16 hours ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'chwrld (@chwrld24)' was reported to the affected vendor on: 2026-06-24, 4 days ago. The vendor is given until 2026-10-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-32004: Microsoft

ZDI: Upcoming Advisories
4 days 16 hours ago
A CVSS score 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Nitesh Surana (niteshsurana.com) of TrendAI Research' was reported to the affected vendor on: 2026-06-24, 4 days ago. The vendor is given until 2026-10-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

CVE-2026-20220 | Cisco Crosswork Network Change Automation up to 7.2.0 Web-based Management Interface injection (cisco-sa-cnc-inj-QNMeEmxk / EUVD-2026-37750)

Vuldb Updates
4 days 16 hours ago
A vulnerability, which was classified as critical, was found in Cisco Crosswork Network Change Automation. This affects an unknown part of the component Web-based Management Interface. The manipulation results in injection. This vulnerability is identified as CVE-2026-20220. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-36418 | jeecgboot JimuReport up to 2.3.4 Aviator executeSelectApi code injection

Vuldb Updates
4 days 16 hours ago
A vulnerability was found in jeecgboot JimuReport up to 2.3.4. It has been rated as critical. The impacted element is an unknown function of the file /jmreport/executeSelectApi of the component Aviator Handler. The manipulation leads to code injection. This vulnerability is documented as CVE-2026-36418. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2026-20181

CVE Trends
4 days 16 hours ago
Currently trending CVE - Hype Score: 3 - A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This ...

CVE-2024-4577

CVE Trends
4 days 16 hours ago
Currently trending CVE - Hype Score: 3 - In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP ...

Managed ad