CVE-2026-28783

CVE-2026-28783 affects Craft CMS (Craft CMS core) where a blocklist of potentially dangerous PHP functions is bypassable via Twig non-Closure arrow functions. Affected versions are prior to 5.9.0-beta.1 and 4.17.0-beta.1. Successful exploitation requires attacker permissions (production allowAdmi...

CVE-2026-28561

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

EUVD-2020-27337

Malware in sbrugna...

Chatbots, APIs, and the Hidden Risks Inside Your Application Stack

What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform,...

CVE-2023-27577

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVE-2025-30171 Admin Authorized System File Deletion

System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

Stealthy Malware Disguises Itself as a WordPress License Key

UPDATE A spam-injecting malware is targeting WordPress site owners by disguising itself as a legitimate license key for a WordPress design theme. According to analysis from Sucuri, a customer opened a malware removal ticket reporting “some weird spam URLs injected onto their WordPress website.”...

CISO series: Secure your privileged administrative accounts with a phased roadmap

In my role, I often meet with CISOs and security architects who are updating their security strategy to meet the challenges of continuously evolving attacker techniques and cloud platforms. A frequent topic is prioritizing security for their highest value assets, both the assets that have the mos...

Tenda N3 Wireless N150 Router - Authentication Bypass

Tenda N3 Wireless N150 Router - Authentication Bypass Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers Date: 03-09-2015 Software Link: http://tendacn.com/en/product/N150.html Exploit Author: Mandeep Jadon Contact: http://twitter.com/1337tr0lls Website:...