Aggregator

A vulnerability classified as critical has been found in opensource-workshop connect-cms up to 1.41.0/2.41.0. Affected is an unknown function of the component My Page. Performing a manipulation results in improper authorization. This vulnerability is cataloged as CVE-2026-32300. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in opensource-workshop connect-cms up to 1.41.0/2.41.0. This impacts an unknown function. Such manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-32299. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in opensource-workshop connect-cms up to 1.41.0/2.41.0. This affects an unknown function. This manipulation causes server-side request forgery. This vulnerability is tracked as CVE-2026-32279. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in rails actionview. The impacted element is an unknown function of the component Attribute Handler. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-33168. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

好，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读整篇文章，抓住关键点。 文章讲的是Crunchyroll发生了数据泄露事件，黑客声称窃取了680万人的个人信息。Crunchyroll正在调查，并提到泄露的信息主要来自客服工单，涉及第三方供应商Telus International的员工。攻击者通过感染员工电脑获取凭证，访问了多个应用系统，下载了800万条工单记录。虽然没有信用卡详细信息的大规模泄露，但部分信息可能被暴露。黑客索要赎金但未得到回应。 接下来，我需要把这些信息浓缩到100字以内。要确保包括Crunchyroll、数据泄露、680万人、第三方供应商、客服工单、攻击手段、赎金要求等关键点。 可能会这样组织句子：Crunchyroll遭遇数据泄露，680万用户信息被窃取。事件源于第三方供应商员工账户被入侵，导致客服工单数据外泄。黑客索要500万美元赎金未果。 这样既涵盖了主要事件、原因和后果，又控制在了字数限制内。 知名动漫流媒体平台Crunchyroll遭遇数据泄露事件，约680万名用户个人信息被窃取。此次事件源于第三方供应商员工账户被入侵，导致客服工单数据外泄。攻击者索要500万美元赎金未果。

A vulnerability identified as critical has been detected in Indico up to 3.3.11. The affected element is an unknown function of the file indico.conf of the component LaTeX Handler. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-33046. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in OpenClaw up to 2026.3.6. Impacted is an unknown function of the file /acp. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-27646. The attack can only be executed locally. There is no exploit available. It is advisable to upgrade the affected component.

好，我现在需要帮用户总结一篇文章，控制在100字以内。首先，我得仔细阅读文章内容，抓住关键信息。 文章讲的是Trio-Tech International的子公司在新加坡遭到勒索软件攻击。事件发生在3月11日，导致部分文件被加密。公司立即启动应急响应，下线系统，并与第三方专家合作调查，还通知了执法部门。攻击者泄露了部分数据，公司认为这可能构成重大事件。目前调查仍在进行中，公司正在与保险公司合作处理理赔，并未透露攻击者身份，但Gunra团伙声称是他们干的。 接下来，我需要把这些信息浓缩到100字以内。重点包括：子公司被勒索软件攻击、时间、影响、应对措施、数据泄露、重大事件认定、调查进展和保险合作。 可能的结构：Trio-Tech子公司遭受勒索软件攻击，导致文件加密；公司采取应急措施并展开调查；攻击者泄露数据，可能构成重大事件；调查中，与保险公司合作；Gunra团伙声称责任。 现在组合成一个连贯的句子： Trio-Tech子公司遭遇勒索软件攻击，部分文件被加密；公司启动应急程序并展开调查；攻击者泄露数据，可能构成重大事件；调查仍在进行中，并与保险公司合作处理理赔；Gunra团伙声称对此负责。 检查字数是否在100字以内。看起来没问题。 Trio-Tech International位于新加坡的子公司遭遇勒索软件攻击，导致部分文件被加密。公司迅速启动应急响应程序，并在第三方专家协助下展开调查。攻击者随后泄露了部分数据，可能构成重大网络安全事件。目前调查仍在进行中，并与网络保险提供商合作处理理赔事宜。

A vulnerability was found in expresstech Quiz and Survey Master Plugin up to 10.3.5 on WordPress. It has been rated as critical. This issue affects the function sanitize_text_field of the component Parameter Handler. Performing a manipulation of the argument wpdb results in sql injection. This vulnerability was named CVE-2026-2412. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in thimpress LearnPress Plugin up to 4.3.2.8 on WordPress. It has been declared as problematic. This vulnerability affects the function delete_question_answer. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-3225. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in wpjobportal WP Job Portal Plugin up to 2.4.8 on WordPress. It has been classified as critical. This affects an unknown part of the component Parameter Handler. This manipulation of the argument radius causes sql injection. This vulnerability is handled as CVE-2026-4306. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in inc2734 Smart Custom Fields Plugin up to 5.0.6 on WordPress and classified as problematic. Affected by this issue is the function relational_posts_search. The manipulation results in missing authorization. This vulnerability is known as CVE-2026-4066. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in OpenClaw up to 2026.3.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Header Validation Handler. The manipulation leads to insufficiently protected credentials. This vulnerability is traded as CVE-2026-32913. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in rails actionpack up to 8.1/8.1.2.1. Affected is the function consider_all_requests_local. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-33167. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OpenClaw up to 2026.3.6. This impacts an unknown function. Performing a manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-27183. The attack requires a local approach. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in rails activesupport. This affects the function html_unsafe. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-33170. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in wpeverest User Registration & Membership Plugin up to 5.1.4 on WordPress. The impacted element is the function check_permissions of the component REST API Endpoint. This manipulation causes missing authorization. This vulnerability is registered as CVE-2026-4056. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in StellarWP LearnDash LMS Plugin up to 5.0.3 on WordPress. The affected element is an unknown function of the component AJAX Action Handler. The manipulation of the argument filters[orderby_order] results in sql injection. This vulnerability is cataloged as CVE-2026-3079. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in aquasecurity setup-trivy, trivy-action and trivy up to 0.2.5. Impacted is an unknown function. The manipulation leads to embedded malicious code. This vulnerability is listed as CVE-2026-33634. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in PTC Windchill PDMLink and FlexPLM up to 13.1.3.0. This issue affects some unknown processing. Executing a manipulation can lead to code injection. This vulnerability is tracked as CVE-2026-4681. The attack can be launched remotely. No exploit exists.