Aggregator
Sensitive Financial Intelligence Exposed on Darknet Forum
1 month 3 weeks ago
You must login to view this content
cohenido
NASA послала крошку-телескоп следить за звёздами-убийцами — их вспышки уничтожают атмосферы планет
1 month 3 weeks ago
… и нам очень важно понять, как это работает.
CVE-2026-32439 | WebGeniusLab BigHearts Plugin up to 3.1.14 on WordPress authorization (EUVD-2026-11981)
1 month 3 weeks ago
A vulnerability identified as critical has been detected in WebGeniusLab BigHearts Plugin up to 3.1.14 on WordPress. This affects an unknown function. Performing a manipulation results in missing authorization.
This vulnerability is cataloged as CVE-2026-32439. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-32438 | vowelweb VW School Education Plugin up to 1.4.6 on WordPress authorization (EUVD-2026-11980)
1 month 3 weeks ago
A vulnerability marked as critical has been reported in vowelweb VW School Education Plugin up to 1.4.6 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization.
This vulnerability is documented as CVE-2026-32438. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-32437 | vowelweb VW Portfolio Plugin up to 1.3.3 on WordPress authorization (EUVD-2026-11977)
1 month 3 weeks ago
A vulnerability described as critical has been identified in vowelweb VW Portfolio Plugin up to 1.3.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation results in missing authorization.
This vulnerability is reported as CVE-2026-32437. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-32436 | vowelweb VW Photography Plugin up to 1.3.8 on WordPress authorization (EUVD-2026-11976)
1 month 3 weeks ago
A vulnerability, which was classified as critical, was found in vowelweb VW Photography Plugin up to 1.3.8 on WordPress. This issue affects some unknown processing. Executing a manipulation can lead to missing authorization.
This vulnerability is handled as CVE-2026-32436. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-32440 | Ex-Themes WP Food Plugin up to 2.7.1 on WordPress authorization (EUVD-2026-11983)
1 month 3 weeks ago
A vulnerability classified as critical was found in Ex-Themes WP Food Plugin up to 2.7.1 on WordPress. This affects an unknown part. Such manipulation leads to missing authorization.
This vulnerability is traded as CVE-2026-32440. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-32445 | Elementor Website Builder Plugin up to 3.35.5 on WordPress authorization (EUVD-2026-11989)
1 month 3 weeks ago
A vulnerability was found in Elementor Website Builder Plugin up to 3.35.5 on WordPress and classified as critical. The affected element is an unknown function. The manipulation results in missing authorization.
This vulnerability was named CVE-2026-32445. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2026-32446 | Syed Balkhi Contact Form by WPForms Plugin up to 1.9.9.3 on WordPress authorization (EUVD-2026-11991)
1 month 3 weeks ago
A vulnerability was found in Syed Balkhi Contact Form by WPForms Plugin up to 1.9.9.3 on WordPress. It has been declared as critical. This affects an unknown function. Such manipulation leads to missing authorization.
This vulnerability is referenced as CVE-2026-32446. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-32443 | Josh Kohlbach Product Feed Pro for WooCommerce Plugin up to 13.5.2 on WordPress cross-site request forgery (EUVD-2026-11987)
1 month 3 weeks ago
A vulnerability classified as problematic was found in Josh Kohlbach Product Feed Pro for WooCommerce Plugin up to 13.5.2 on WordPress. This affects an unknown function. The manipulation results in cross-site request forgery.
This vulnerability is reported as CVE-2026-32443. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-32442 | E2Pdf Plugin up to 1.28.15 on WordPress authorization (EUVD-2026-11985)
1 month 3 weeks ago
A vulnerability has been found in E2Pdf Plugin up to 1.28.15 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2026-32442. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-1948 | webaways NEX-Forms Plugin up to 9.1.9 on WordPress deactivate_license authorization (EUVD-2026-12182)
1 month 3 weeks ago
A vulnerability has been found in webaways NEX-Forms Plugin up to 9.1.9 on WordPress and classified as critical. This affects the function deactivate_license. This manipulation causes missing authorization.
This vulnerability is tracked as CVE-2026-1948. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2026-4163 | Wavlink WL-WN579A3 220323 POST Request /cgi-bin/wireless.cgi SetName/GuestWifi command injection (EUVD-2026-12192)
1 month 3 weeks ago
A vulnerability was found in Wavlink WL-WN579A3 220323. It has been classified as critical. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection.
This vulnerability is cataloged as CVE-2026-4163. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
Upgrading the affected component is recommended.
vuldb.com
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide
1 month 3 weeks ago
INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The international law enforcement operation led to 94 arrests, 110 ongoing investigations, […]
Pierluigi Paganini
Submit #765328: Wavlink WL-WN579A3 V220323 Command Injection [Duplicate]
1 month 3 weeks ago
Submit #765328 / VDB-351070
LtzHuster
Submit #765327: Wavlink WL-WN579A3 V220323 Command Injection [Accepted]
1 month 3 weeks ago
Submit #765327 / VDB-351070
LtzHuster
Malicious npm Packages Posing as Solara Executor Target Discord, Browsers, and Crypto Wallets
1 month 3 weeks ago
JFrog security researchers Guy Korolevski and Meitar Palas uncovered a sophisticated supply chain attack on the npm ecosystem on March 12, 2026, in which threat actors disguised an information-stealing malware as a legitimate Roblox script executor. The campaign, self-named Cipher stealer, used two malicious packages bluelite-bot-manager and test-logsmodule-v-zisko, to deliver a Windows executable capable of harvesting Discord credentials, […]
The post Malicious npm Packages Posing as Solara Executor Target Discord, Browsers, and Crypto Wallets appeared first on Cyber Security News.
Dhivya
Bulletproof-хостинги — ВСЁ. Нидерланды будут изымать серверы, замеченные в обслуживании злоумышленников
1 month 3 weeks ago
Спецслужбы вскрыли схемы, которые годами пользовались огромным спросом у хакеров.
9 块 9 交个朋友,字节的 ArkClaw 可能更适合普通人 |AI 上新
1 month 3 weeks ago
重要的还是能和工作场景打通。