- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
CVE-2026-14345: WPFunnels expõe WordPress a RCE via logs
Cyber Report PT-BR com os principais CVEs do dia: vulnerabilidade crítica no WordPress WPFunnels, falha de autorização no GKS e risco em picklescan para pipelines Python/IA.
Títulos considerados:
- CVE-2026-14345: WPFunnels expõe WordPress a RCE via logs
- Cyber Report: WPFunnels RCE, GKS sem autorização e picklescan
- Top CVEs: WordPress WPFunnels crítico e risco em picklescan
CVEs, CVSS, afetados, vetor, CWE/fraqueza e correção:
- CVE-2026-14345 — CVSS 9.8 CRITICAL — afetado: The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3. — vetor: NETWORK, complexidade: LOW, privilégios: NONE, interação: NONE, CWE: CWE-434, patch/advisory: desconhecido, NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-14345
- CVE-2026-8377 — CVSS 8.2 HIGH — afetado: Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.
This issue affects — vetor: NETWORK, complexidade: LOW, privilégios: NONE, interação: NONE, CWE: CWE-862, patch/advisory: desconhecido, NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8377
- CVE-2025-71364 — CVSS 8.1 HIGH — afetado: picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can cr — vetor: NETWORK, complexidade: LOW, privilégios: NONE, interação: REQUIRED, CWE: CWE-502, patch/advisory: desconhecido, NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-71364
Correção e mitigação: aplicar patches/advisories oficiais; para WPFunnels, verificar versão até 3.12.7, reduzir logs desnecessários, restringir administração e revisar logs; para GKS, atualizar para versão 2 conforme advisory; para picklescan, atualizar para 0.0.30 ou superior e isolar artefatos pickle/modelos não confiáveis.
Fontes oficiais e referências:
- https://nvd.nist.gov/vuln/detail/CVE-2026-14345
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/admin/modules/settings/class-wpfnl-settings.php#L709
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L39
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L523
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/public/class-wpfnl-public.php#L1185
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/admin/modules/settings/class-wpfnl-settings.php#L709
- https://nvd.nist.gov/vuln/detail/CVE-2026-8377
- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502
- https://nvd.nist.gov/vuln/detail/CVE-2025-71364
- https://github.com/mmaitre314/picklescan/security/advisories/GHSA-q77w-mwjj-7mqx
- https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-asyncio-unix-events-unixsubprocesstransport-start
Conteúdo defensivo: sem PoC, sem payloads e sem instruções ofensivas. Termos: vulnerabilidade, patch, segurança, CVSS, CVE, WordPress, WPFunnels, WooCommerce, Access Control System GKS, picklescan, Python, IA, segurança de modelos.
#CyberSecurity #CVE #WordPress #SegurancaDaInformacao #DevSecOps
Видео CVE-2026-14345: WPFunnels expõe WordPress a RCE via logs канала dailytechhackglobal
Títulos considerados:
- CVE-2026-14345: WPFunnels expõe WordPress a RCE via logs
- Cyber Report: WPFunnels RCE, GKS sem autorização e picklescan
- Top CVEs: WordPress WPFunnels crítico e risco em picklescan
CVEs, CVSS, afetados, vetor, CWE/fraqueza e correção:
- CVE-2026-14345 — CVSS 9.8 CRITICAL — afetado: The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3. — vetor: NETWORK, complexidade: LOW, privilégios: NONE, interação: NONE, CWE: CWE-434, patch/advisory: desconhecido, NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-14345
- CVE-2026-8377 — CVSS 8.2 HIGH — afetado: Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.
This issue affects — vetor: NETWORK, complexidade: LOW, privilégios: NONE, interação: NONE, CWE: CWE-862, patch/advisory: desconhecido, NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8377
- CVE-2025-71364 — CVSS 8.1 HIGH — afetado: picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can cr — vetor: NETWORK, complexidade: LOW, privilégios: NONE, interação: REQUIRED, CWE: CWE-502, patch/advisory: desconhecido, NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-71364
Correção e mitigação: aplicar patches/advisories oficiais; para WPFunnels, verificar versão até 3.12.7, reduzir logs desnecessários, restringir administração e revisar logs; para GKS, atualizar para versão 2 conforme advisory; para picklescan, atualizar para 0.0.30 ou superior e isolar artefatos pickle/modelos não confiáveis.
Fontes oficiais e referências:
- https://nvd.nist.gov/vuln/detail/CVE-2026-14345
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/admin/modules/settings/class-wpfnl-settings.php#L709
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L39
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L523
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/public/class-wpfnl-public.php#L1185
- https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/admin/modules/settings/class-wpfnl-settings.php#L709
- https://nvd.nist.gov/vuln/detail/CVE-2026-8377
- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502
- https://nvd.nist.gov/vuln/detail/CVE-2025-71364
- https://github.com/mmaitre314/picklescan/security/advisories/GHSA-q77w-mwjj-7mqx
- https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-asyncio-unix-events-unixsubprocesstransport-start
Conteúdo defensivo: sem PoC, sem payloads e sem instruções ofensivas. Termos: vulnerabilidade, patch, segurança, CVSS, CVE, WordPress, WPFunnels, WooCommerce, Access Control System GKS, picklescan, Python, IA, segurança de modelos.
#CyberSecurity #CVE #WordPress #SegurancaDaInformacao #DevSecOps
Видео CVE-2026-14345: WPFunnels expõe WordPress a RCE via logs канала dailytechhackglobal
Комментарии отсутствуют
Информация о видео
22 ч. 35 мин. назад
00:02:42
Другие видео канала
