Aggregator

A vulnerability identified as problematic has been detected in tolgee tolgee-platform up to 3.166.2. Affected by this vulnerability is an unknown functionality of the component XML Parser. This manipulation causes xml external entity reference. The identification of this vulnerability is CVE-2026-32251. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in BoldGrid Client Invoicing by Sprout Invoices Plugin up to 20.8.9 on WordPress and classified as critical. Affected is an unknown function. The manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is cataloged as CVE-2026-32401. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in gVectors wpDiscuz up to 7.6.46. Affected by this issue is some unknown functionality of the component CSS Setting Handler. The manipulation of the argument customCss leads to cross site scripting. This vulnerability is listed as CVE-2026-22209. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Linksys E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000 and E900. This affects an unknown function of the file /tmUnblock.cgi of the component Service Port 8080. Performing a manipulation of the argument ttcp_ip results in os command injection. This vulnerability is known as CVE-2025-34037. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to upgrade the affected component.

Foster City warned that it is possible the hackers obtained public information, urging anyone that has done business with the city to change personal passwords and take measures to protect personal data.

A vulnerability categorized as critical has been discovered in TP-Link AX53. This impacts an unknown function. Executing a manipulation can lead to command injection. This vulnerability appears as CVE-2025-15607. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in TP-Link AX53. It has been classified as critical. The affected element is an unknown function. This manipulation causes stack-based buffer overflow. This vulnerability is registered as CVE-2025-15608. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident. Navia Benefit Solutions is a U.S.-based company that provides […]

Phishing Campaign Used AsyncRAT to Maintain Long-Term Network Access
A suspected cyberespionage campaign targeted a Libyan oil refinery using commodity malware and politically themed phishing lures. The activity ran from November 2025 to mid-February, with evidence that attackers maintained long-term access to at least one oil company network.

No Arrests, But Virtual Servers, IP Addresses Seized and Residencies Searched
U.S. authorities seized KimWolf - the attack infrastructure responsible for the largest distributed denial of service attack yet recorded in an international police operation that swept up servers underpinning four botnets.

Name: m0leCon CTF 2026 (an m0leCon CTF event.)
Date: March 19, 2026, 4 p.m. — 20 March 2026, 16:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Italy, Torino
Offical URL: https://finals.m0lecon.it/
Rating weight: 75.00
Event organizers: pwnthem0le

Author, Creator & Presenter: Bryson Loughmiller - Principal Platform Security Architect At Entrata

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

Permalink

The post BSidesSLC 2025 – Security Con For Dummies – An Intro appeared first on Security Boulevard.

Легальные способы загружать музыку, фильмы и игры без штрафов и троянов.

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. [...]

A vulnerability, which was classified as problematic, has been found in WP Photo Album Plus Plugin up to 8.0.9 on WordPress. Impacted is an unknown function. This manipulation causes cross site scripting. This vulnerability appears as CVE-2021-25115. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in J.N. Breetvelt WP Photo Album Plus Plugin up to 8.5.02.005 on WordPress. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2023-49813. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Red Hat Ansible Automation Platform 2 and classified as problematic. The affected element is an unknown function of the component Event-Driven Ansible. The manipulation results in debug messages revealing unnecessary information. This vulnerability is identified as CVE-2025-2877. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in striae-org striae up to 2.x and classified as problematic. This impacts an unknown function. Such manipulation leads to improper validation of integrity check value. This vulnerability is referenced as CVE-2026-31839. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.