9907 matches found
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
CVE-2025-13471 affects the WordPress plugin User Activity Log (
EUVD-2025-206412
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
Falco 0.43.0
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...
PT-2026-5057
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
WordPress plugin User Activity Log security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CERTFR-2026-ACT-004
creationtimestamp| type| source ---|---|--- 2026-01-26 14:47:11+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mddiej3zy226 2026-01-26 14:47:12+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/115961943162528773 2026-01-26 16:02:17+00:00| seen|...
Avoid Scams After Disaster Strikes
As natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with...
Malicious code in pay-by-bank-dashboard-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c58f9aa900a5052fd440dd0a9a3e3ecb345fb4fee2be527b5af385485ee224 The package pay-by-bank-dashboard-server was found to contain malicious code. Source: ghsa-malware...
Malicious code in un112 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1521874d670863316d54ec7213c067617cac71476025f1e398ca9ea01fe1f71 The package un112 was found to contain malicious code. Source: ossf-package-analysis cdd54832c7f264a3a18301f19d464ca271573a29173fe997e49e6c55b0ae1f87...
📄 HEUR.Backdoor.Win32.Poison.gen DLL Hijacking
This code implements an advanced WININET.dll proxy via DLL hijacking that is designed as a defensive countermeasure against malware such as HEUR.Backdoor.Win32.Poison.gen. The malware family Poison loads a 32‑bit WININET.dll from its current directory, which enables execution flow hijacking MITRE...
CISA: Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers V2
CISA, in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, have released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help internet service...
CISA: Suspicious Unmanned Aircraft System Activity Guidance V2
Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators is intended for critical infrastructure stakeholders who are concerned with unmanned aircraft system UAS activity near or around their facilities. This is version 2 of CISA's document...
Malicious Package
Overview @testfeii/hallo-word is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2026-3295
Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered...
GHSA-2497-GP99-2M74 Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered
Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...