Aggregator
CVE-2026-58033 | Wikimedia MediaWiki up to 1.45.x/1.45.3/1.44.5/1.43.8 InfoAction.Php information disclosure
CVE-2026-58029 | Wikimedia MediaWiki up to 1.45.x/1.45.3/1.44.5/1.43.8 ApiChangeAuthenticationData.Php, Remote Code Execution
CVE-2026-58027 | Wikimedia AbuseFilter up to 1.45.x/1.45.3/1.44.5/1.43.8 QueryAbuseFilters.Php information disclosure
CVE-2026-58026 | Wikimedia MediaWiki up to 1.45.x/1.45.3/1.44.5/1.43.8 Parser.Php information disclosure
CVE-2026-58025 | Wikimedia MediaWiki up to 1.45.x/1.45.3/1.44.5/1.43.8 WikiImporter.Php deserialization
CVE-2026-58024 | Wikimedia MediaWiki up to 1.45.x/1.45.3/1.44.5/1.43.8 ApiUserrights.Php information disclosure
CVE-2026-34098 | guardian language-system up to 119 GET Parameter media.php ID cross site scripting
CVE-2026-57517 | Control Web Panel 0.9.8.1209 User Endpoint userRes sql injection
CVE-2025-15646 | BPS HTML::Gumbo up to 0.18 on Perl lib/HTML/Gumbo.xs strlen type confusion
CVE-2026-13706 | Wikimedia UrlShortener up to 1.46.0/1.45.4/1.44.6/1.43.9 input validation
CVE-2026-24245 | NVIDIA Megatron-Bridge on Linux deserialization
CVE-2026-24244 | NVIDIA Megatron-Bridge on Linux deserialization
CVE-2026-24243 | NVIDIA Megatron-Bridge on Linux deserialization
CVE-2026-24240 | NVIDIA Megatron-Bridge on Linux deserialization
CVE-2026-13707 | Wikimedia OAuth up to 1.46.0/1.45.4/1.44.6/1.43.9 /Backend/MWOAuthServer session fixiation
Hackers target Microsoft 365 accounts with 81 million login attempts
Indian Govt Halts Meta’s WhatsApp Usernames Rollout Over Fraud Concerns
The Indian government has issued a formal notice to WhatsApp LLC (Meta), directing the platform to justify why regulatory action should not be taken against its newly announced “usernames” feature and instructing the company not to roll it out in India until consultations are satisfactorily concluded. The letter, addressed to WhatsApp’s Chief Compliance Officer for […]
The post Indian Govt Halts Meta’s WhatsApp Usernames Rollout Over Fraud Concerns appeared first on Cyber Security News.
Critical Cursor IDE RCE Vulnerabilities Enable Prompt Injection in Zero-Click
Two critical remote code execution (RCE) vulnerabilities in Cursor IDE, the AI-powered development environment used by more than half of Fortune 500 companies. Cato AI Labs has disclosed two flaws, dubbed ” DuneSlide, ” both of which carry a 9.8 CVSS severity score and were assigned CVE-2026-50548 and CVE-2026-50549, allowing attackers to break out of […]
The post Critical Cursor IDE RCE Vulnerabilities Enable Prompt Injection in Zero-Click appeared first on Cyber Security News.
SecWiki News 2026-07-01 Review
更多最新文章,请访问SecWiki