Practical articles on AI, online safety, and security (18 articles)
A vulnerability enabling unauthenticated remote code execution has been identified in Joomla Content Editor (JCE), prompting a CISA warning. There is a risk of PHP code execution, requiring immediate action.
An RCE vulnerability (CVE-2026-48907) in Joomla Content Editor, allowing unauthenticated PHP code execution, has been discovered and confirmed exploited by CISA. Urgent action is required.
A severe unauthenticated SQL injection vulnerability has been discovered in WordPress plugin 'eCommerce Product Catalog' versions 3.5.5 and below, allowing database manipulation without authentication. Immediate update is mandatory.
A critical vulnerability has been discovered in applications that process JavaScript embedded in PDF files. Maliciously crafted PDFs could lead to arbitrary code execution.
An authentication bypass vulnerability has been discovered in the PHP application of Nefteprodukttekhnika BUK TS-G. This could allow a remote, unauthenticated attacker to seize administrator privileges and manipulate the system.
A severe vulnerability (CVSS 9.8) allowing unauthenticated remote code execution has been discovered in Oracle PeopleSoft Enterprise PeopleTools, and numerous organizations have been compromised by zero-day attacks. Immediate patching and access restrictions are required.
An unauthenticated OS command injection vulnerability in Ivanti Sentry has been urgently disclosed. Rated with a CVSS score of 10.0, active exploitation has already been confirmed. Immediate patch application and access restrictions are mandatory.
A vulnerability in WordPress's popular backup plugin 'UpdraftPlus' is being actively exploited, potentially allowing unauthenticated attackers to gain administrator privileges and execute remote code.
An authentication bypass vulnerability with a CVSS score of 9.3 has been confirmed in Check Point's VPN products, with active exploitation by Qilin ransomware already observed. Immediate patching is required.
A critical out-of-bounds memory access vulnerability has been discovered in Google Chrome's V8 engine, and is already being actively exploited in attacks. Please update your Chrome browser to the latest version immediately.
A critical denial-of-service (DoS) vulnerability, CVE-2026-49975, has been disclosed in the mod_http module of Apache HTTP Server. Versions 2.4.17 through 2.4.67 are affected, and a prompt update is recommended.
A critical vulnerability, 'HTTP/2 Bomb,' discovered by OpenAI Codex, allows major web servers like Nginx, Apache, and IIS to be brought down by a single client with a low-bandwidth attack. Immediate action is required.
An urgent Remote Code Execution (RCE) vulnerability (CVE-2026-3300) has been identified in the WordPress 'Everest Forms Pro' plugin, and active attacks are underway. Additionally, a SQL Injection vulnerability (CVE-2025-14179) has been reported in PHP's PDO Firebird driver. Engineers are urged to promptly update their systems and implement countermeasures.
A PHP object injection vulnerability, enabling unauthenticated remote code execution, has been discovered in the Mirasvit Full Page Cache Warmer plugin for Magento 2, prompting CISA to issue an urgent alert.
A critical vulnerability (CVE-2026-8732) in the WordPress plugin 'WP Maps Pro' is being actively exploited, allowing attackers to create unauthenticated administrator accounts and gain full control of affected sites. Immediate update to version 6.1.1 or higher is required.
A highly critical vulnerability has been discovered in the popular WordPress plugin "WP Maps Pro," allowing unauthenticated attackers to create administrator accounts. This vulnerability is being actively exploited. Immediate updates are required.
An XPath injection vulnerability has been discovered in the APS catalog search function of Plesk for Linux. Low-privileged users can gain root privileges and execute arbitrary OS commands. An urgent update is recommended.
A severe authentication bypass vulnerability (CVE-2026-0257) has been disclosed in Palo Alto Networks PAN-OS GlobalProtect, and active exploitation has been confirmed. Urgent patch application and mitigation measures are essential.