Aggregator

Currently trending CVE - Hype Score: 1 - In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via ...

Currently trending CVE - Hype Score: 1 - The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules") details the dma-fence safe access rules. The most common culprit is that ...

Currently trending CVE - Hype Score: 9 - In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Currently trending CVE - Hype Score: 1 - Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a ...

Currently trending CVE - Hype Score: 1 - Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. ...

Currently trending CVE - Hype Score: 15 - An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an ...

Currently trending CVE - Hype Score: 1 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...

A vulnerability labeled as problematic has been found in softpulseinfotech SP Blog Designer Plugin up to 1.0.0 on WordPress. Affected by this issue is the function wpsbd_post_carousel of the component Shortcode Handler. The manipulation of the argument design results in cross site scripting. This vulnerability is identified as CVE-2026-4859. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in bjornjohansen BJ Lazy Load Plugin up to 1.0.9 on WordPress. Affected by this vulnerability is the function filter_images. The manipulation of the argument Class leads to cross site scripting. This vulnerability is referenced as CVE-2026-2300. Remote exploitation of the attack is possible. No exploit is available.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

BitLocker降级攻击PoC已公开|ClaudeChrome扩展会话劫持|PHP SOAP RCE CVSS9.5|Cline WebSocket劫持CVSS9.6|SAP双漏洞|共6条高危漏洞

A vulnerability categorized as problematic has been discovered in kcseopro WP SEO Structured Data Schema Plugin up to 2.8.1 on WordPress. Affected is an unknown function. Executing a manipulation of the argument _kcseo_ative_tab can lead to cross site scripting. The identification of this vulnerability is CVE-2026-3604. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Arraytics Timetics Plugin up to 1.0.53 on WordPress. It has been rated as critical. This impacts an unknown function. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-39432. The attack may be initiated remotely. There is no available exploit.

New StorybyGooglebyGoogle@googleGoogle develops search, advertising, cloud, and AI technologies at

《Forza Horizon 6》游戏文件在上市 10 天前就提前泄密，盗版网站比正版网站提前放出了可游戏版本。开发商 Playground Games 证实游戏提前泄露，警告玩家不要玩盗版版本，威胁会进行严惩，包括“全系列封禁和硬件封禁”。一名 YouTube 主播使用泄露版本上传了一段 45 分钟的游戏视频，该玩家随后遭到了终身封禁，其封禁期一直持续到 9999 年 12 月 31 日。玩家即使没有上传视频，如果检测到玩泄露版本也会严惩。《Forza Horizon 6》将于 5 月 19 日发售。

《Forza Horizon 6》游戏文件在上市 10 天前就提前泄密，盗版网站比正版网站提前放出了可游戏版本。开发商 Playground Games 证实游戏提前泄露，警告玩家不要玩盗

阅读： 53.4. 开放权重模型权重是使模型能够处理输入并生成输出的数学参数，AI企业对其模型权重具有的访问权限级别会影响模型带来的风险。对于任何特定的模型，公司

Кто виноват: санкции, VPN или перекупщики доступов?

A vulnerability was found in 10up Eight Day Week Print Workflow Plugin up to 1.2.6 on WordPress. It has been declared as critical. This affects the function pp-get-articles of the component AJAX Action Handler. Such manipulation of the argument Title leads to sql injection. This vulnerability is uniquely identified as CVE-2026-5028. The attack can be launched remotely. No exploit exists.