Aggregator

A vulnerability classified as problematic has been found in vinod-dalvi Ivory Search Plugin up to 5.5.15 on WordPress. This vulnerability affects unknown code of the component Setting Handler. This manipulation of the argument menu_magnifier_color causes cross site scripting. This vulnerability appears as CVE-2026-11356. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in harmonic_design HD Quiz Plugin up to 2.2.1 on WordPress. This issue affects the function hdq_validate_nonce of the component Setting Handler. Such manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2026-13422. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in dokaninc Dokan Plugin up to 5.0.4 on WordPress. This affects an unknown function. The manipulation of the argument ID leads to authorization bypass. This vulnerability is traded as CVE-2026-11987. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in metagauss RegistrationMagic Plugin up to 6.0.8.6 on WordPress. It has been classified as critical. Affected by this issue is some unknown functionality of the component User Registration Handler. Performing a manipulation of the argument custom results in insufficient verification of data authenticity. This vulnerability was named CVE-2026-9242. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in dornaweb Product Specifications for Woocommerce Plugin up to 0.8.9 on WordPress and classified as critical. Affected by this vulnerability is the function __invoke of the component AJAX Action Handler. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-11364. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability identified as problematic has been detected in dokaninc Dokan Plugin up to 5.0.4 on WordPress. Impacted is the function html. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-11783. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability was found in expresstech Quiz and Survey Master Plugin up to 11.1.4 on WordPress. It has been rated as critical. This vulnerability affects unknown code of the component Database Table Handler. The manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-9233. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

Submit #838439 / VDB-374488

基于大模型的安全日志自动分析报告 by ourren

OpenClaw安全解决方案技术白皮书 by ourren

AI智能体安全治理——风险、框架与实现路径 by ourren

security-audit-skill: A coding-agent skill for multi-phase security audits by ourren

翻越围栏：智能体过度主动行为的安全分析 by ourren

人工智能供应链安全风险分析与防护体系构建 by ourren

更多最新文章，请访问SecWiki

Submit #838225 / VDB-374487

Submit #838198 / VDB-374486

Submit #838190 / VDB-374485

Submit #838189 / VDB-374484

Submit #838188 / VDB-374483

Submit #838185 / VDB-374482

Submit #837658 / VDB-374481

A vulnerability, which was classified as critical, has been found in n8n-io n8n up to 1.123.47/2.21.7/2.22.3. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in permission issues. This vulnerability was named CVE-2026-49444. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in yt-dlp up to 2026.06.8. This affects an unknown part. Performing a manipulation results in improper restriction of names for files and other resources. This vulnerability is reported as CVE-2026-50023. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in yt-dlp up to 2026.06.8. Affected is an unknown function of the component File Download Handler. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2026-50019. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in yt-dlp up to 2026.06.8 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2026-50574. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.