Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-57692

WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability_CVE-2026-57692

Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a thro...

LCweb PrivateContent n/a CVE
HIGH 8.8 THN:45DBF678A05...

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android_THN:45DBF678A05E043F3FDBB5FE129695AB

N/A N/A THN
CRITICAL 9 CVE-2026-13603

SSRF with API key leak in pretix-oppwa_CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's techno...

pretix pretix-oppwa CVE
HIGH 8.1 E4BC4653-1B76-

harfbuzz-stch-oob-write_E4BC4653-1B76-59F0-83C7-DDDABD36A472

HarfBuzz applystch — Integer Overflow → Heap OOB Write Crash harness, trigger font, and browser PoC for the integer overflow in HarfBuzz's applystc...

N/A N/A GITHUBEXPLOIT
HIGH 8.1 D7683152-09DF-

Exploit for Cross-Site Request Forgery (CSRF) in Apple Safari_D7683152-09DF-5A98-A55B-3490F8CFF60E

CVE-2026-43735 WebKit cross-domain information leakage. Safari = 26.5.2: PATCHED NavigateEvent.sourceElement is null...

N/A N/A GITHUBEXPLOIT
NONE MALWAREBYTES:FF...

ChatGPT produced graphic violent images that shocked researchers_MALWAREBYTES:FFA114D1AD1E9AF72637D198A12C2B43

AI assistants like ChatGPT are supposed to be safe to use, with appropriate guardrails to stop people creating harmful content. However, a British ...

N/A N/A MALWAREBYTES
NONE WIRED:92010B088...

Claude Helped a Hacker Find a Way to Issue Tickets to Almost Every US Music Festival_WIRED:92010B08834CA6B69A7F33305FB29369

A researcher found that using Anthropic’s Claude Opus 4.7, he could break into the website of Front Gate—used by every festival from Lollapalooza t...

N/A N/A WIRED
NONE TALOSBLOG:4E9E9...

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365_TALOSBLOG:4E9E90C55F4785E7C24FC29E6DB180FD

* Cisco Talos identified a fully-featured phishing-as-a-service (PhaaS) operator panel, branded "ARToken," that shares infrastructure, API contract...

N/A N/A TALOSBLOG
NONE TALOSBLOG:3887E...

Martin Lee: Running through the Arctic (and the threat landscape)_TALOSBLOG:3887EA54980FEE73E7E448883C5C2C8A

N/A N/A TALOSBLOG
NONE SCHNEIER:469132...

Papa Johns Surveillance-Based Advertising_SCHNEIER:4691326A8FFE91EBF6D0A0D1ADE9C3DC

Papa Johns is spying on people's buying activities to predict when they are low on food: > The pizza chain recently tapped NBCUniversal, Instacart...

N/A N/A SCHNEIER