Our news

  • Vulnerability Summary for the Week of June 22, 2026

    High Vulnerabilities: abhisheksaha11 – URL Preview: The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the ‘url’ parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web…

    Why Firewalls and Edge Gateways are the New Primary Target

    For a long time, the unwritten rule of initial access was simple: trick a human. Phishing and social engineering were the easiest ways into a network because people are notoriously easy to manipulate. While those vectors haven’t gone anywhere, the threat landscape has shifted drastically over the past year. Sophisticated threat actors are completely bypassing…

  • Vulnerability Summary for the Week of June 15, 2026

    High Vulnerabilities: 10Web – Form Maker by 10Web: Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions (published 2026-06-15, CVSS 9.3, CVE-2026-39502). 404-redirection-manager – 404 Redirection Manager: The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL…

  • CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure

    CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways. To defend against this…

  • Vulnerability Summary for the Week of June 8, 2026

    High Vulnerabilities: AdguardTeam – AdGuardHome: AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within…

  • Vulnerability Summary for the Week of June 1, 2026

    High Vulnerabilities: 10Web – Photo Gallery by 10Web: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41 (published 2026-06-04, CVSS 7.6, CVE-2026-49771). AAM Plugin – Advanced Access…

    How Threat Actors Are Abusing Microsoft Entra ID Self-Service Password Reset (SSPR) to Compromise Cloud Environments

    Threat actors are increasingly leveraging Microsoft Entra ID’s Self-Service Password Reset (SSPR) feature to conduct highly targeted, identity-driven attacks. Advanced threat groups, such as Storm-2949, have demonstrated how legitimate account recovery functionality can be manipulated to gain access to high-value executive and IT accounts. Once access is obtained, attackers move beyond traditional account compromise, targeting…

  • Vulnerability Summary for the Week of May 25, 2026

    High Vulnerabilities: 1Panel-dev – MaxKB: MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB’s webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which Django REST Framework interprets as successful authentication. Combined with optional per-trigger token verification and no…

  • Supply Chain Compromises Impact Nx Console and GitHub Repositories

    CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems and Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and…

  • Vulnerability Summary for the Week of May 18, 2026

    High Vulnerabilities: 10-Strike – Network Inventory Explorer: 10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with…
