CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Malwarebytes•added 2026/05/18 1:51 a.m.•7 views

AI is distorting the Holocaust (Lock and Code S07E10)

This week on the Lock and Code podcast … In May of last year, a warning about AI came from somewhere unexpected: The Auschwitz-Birkenau State Museum. Posting publicly on social media, the museum warned about a Facebook account using generative AI to create fake images of people who died in the...

Hive Pro Threat Advisories•added 2026/05/12 6:39 a.m.•2 views

CISO Guide: Building a Business Case for CTEM

Every CISO knows the frustration: you understand the exposure risk facing your organization, you know that a Continuous Threat Exposure Management program would fundamentally change your security posture, and yet, when budget season arrives, CTEM is one of the first line items questioned. Ready t...

Packet Storm News•added 2026/04/29 12:0 a.m.•2 views

Taking a Bite out of the Forbidden Fruit: Characterizing Third-Party Iranian IOS App Stores

Due to U.S. sanctions and strict internet censorship, Iranian iOS users are barred from accessing the Apple App Store and developer services. In response, despite violating Apple's developer terms, a thriving underground ecosystem of third-party iOS app stores has emerged to serve Iranian users...

5.5AI score

Malwarebytes•added 2026/03/02 3:1 p.m.•3 views

Samsung TVs stop spying on viewers in Texas. Here’s how to disable ACR anywhere

Samsung has settled a lawsuit with the Texas Attorney General over how its smart TVs collect and monetize viewing data using Automated Content Recognition ACR. As part of the settlement, Samsung agreed to stop collecting ACR data from Texans without explicit, informed consent and to rewrite its...

6AI score

Malwarebytes•added 2026/01/26 2:28 p.m.•3 views

Get paid to scroll TikTok? The data trade behind Freecash ads

Loyal readers and other privacy-conscious people will be familiar with the expression, “If it’s too good to be true, it’s probably false.” Getting paid handsomely to scroll social media definitely falls into that category. It sounds like an easy side hustle, which usually means there’s a catch. I...

Schneier on Security•added 2026/01/20 12:8 p.m.•2 views

Could ChatGPT Convince You to Buy Something?

Eighteen months ago, it was plausible that artificial intelligence might take a different path than social media. Back then, AI's development hadn't consolidated under a small number of big tech firms. Nor had it capitalized on consumer attention, surveilling users and delivering ads...

Wired Threat Level•added 2026/01/09 3:19 p.m.•2 views

X Didn’t Fix Grok's ‘Undressing’ Problem. It Just Makes People Pay for It

X is allowing only “verified” users to create images with Grok. Experts say it represents the “monetization of abuse”—and anyone can still generate images on Grok’s app and website...

6.9AI score

Imperva Blog•added 2025/12/16 5:0 p.m.•8 views

Imperva Partners with TollBit to Power AI Traffic Monetization for Content Owners

The surge in AI-driven traffic is transforming how websites manage their content. With AI bots and agents visiting sites at unprecedented rates often scraping without permission, payment, or attribution content owners face a critical challenge: how to protect their intellectual property while...

7.1AI score

Akamai Blog•added 2025/12/11 6:0 p.m.•3 views

How Akamai Is Powering Trust in Tomorrow’s AI-Driven Ecosystem

Discover how Akamai powers secure, trusted AI interactions by verifying bots and agents, enabling adaptive trust, and supporting new monetization opportunities...

7AI score

CNVD•added 2025/11/20 12:0 a.m.•1 views

WordPress Coil Web Monetization plugin Cross-Site Request Forgery Vulnerability

The WordPress Coil Web Monetization plugin is a WordPress plugin that allows websites to monetize content through the WebMonetizationAPI, which allows users to pay content creators directly through a browser extension. The WordPress Coil Web Monetization plugin suffers from a cross-site request...

4.3CVSS6.7AI score0.00013EPSS

Exploits0References1

NVD•added 2025/11/18 9:15 a.m.•3 views

CVE-2025-9625

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS0.00013EPSS

CVE•added 2025/11/18 8:27 a.m.•8 views

CVE-2025-9625

Affected software: WordPress Coil Web Monetization plugin. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the coil-get-css-selector handling in the maybe_restrict_content function. Impact: Unauthenticated attackers can trigger CSS selector detection functio...

4.3CVSS4.9AI score0.00013EPSS

EUVD•added 2025/11/18 8:27 a.m.•1 views

EUVD-2025-197947

4.3CVSS4.8AI score0.00013EPSS

Exploits0References5

Cvelist•added 2025/11/18 8:27 a.m.•1 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

4.3CVSS0.00013EPSS

Vulnrichment•added 2025/11/18 8:27 a.m.•0 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

4.3CVSS4.9AI score0.00013EPSS

CNNVD•added 2025/11/18 12:0 a.m.•2 views

WordPress plugin Coil Web Monetization 跨站请求伪造漏洞

4.3CVSS6.4AI score0.00013EPSS

Positive Technologies•added 2025/11/18 12:0 a.m.•2 views

PT-2025-47272

Name of the Vulnerable Software and Affected Versions Coil Web Monetization plugin for WordPress versions prior to 2.0.3 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by inadequate nonce validation when handling the coil-get-css-selector...

4.3CVSS6.4AI score0.00013EPSS

Exploits0References7

Patchstack•added 2025/11/17 11:23 p.m.•3 views

WordPress Coil Web Monetization plugin <= 2.0.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Sandeep Kambhampati in WordPress Plugin Coil Web Monetization versions = 2.0.2...

4.3CVSS7AI score0.00013EPSS

Exploits0References1Affected Software1

OSV•added 2025/11/11 12:17 a.m.•1 views

MAL-2025-64033 Malicious code in lina-mangut27-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c46380f08dcdcaf5d741bc58ae888373e649722910a670e4e52a7e86786c07ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score