» Tag
vulnerability-research
2 postsJuly 2026
Pre-Auth SQL Injection in WordPress Core via Batch API Desync
Array desync in WordPress's REST batch API enables pre-auth SQL injection (CVE-2026-63030/60137); details plus a fast bitmask extraction technique.
Study: 80% of Qubes OS Security Bulletins Trace to Xen, CPU
Analysis of 109 Qubes Security Bulletins shows 79.8% trace to Xen or CPU issues, not Qubes code, with disclosure rates plateauing since 2018.