
40449 matches found

Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24131 · Woocommerce · Subscription Renewal Reminders For Woocommerce

Name of the Vulnerable Software and Affected Versions: Subscription Renewal Reminders for WooCommerce versions 1.3.7 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into...

4.3 CVSS · 4.5 AI score · 0.0014 EPSS
Exploits 0 · References 3

CNNVD
added 2025/06/06 12:0 a.m. · 3 views

ZIV IDF and ZIV ZLF Security Vulnerability

The ZIV IDF and ZIV ZLF are both transformer differential protection relays from ZIV Spain. A security vulnerability exists in ZIV IDF version v0.10.0-0C03-03 and ZLF version v0.10.0-0C03-04, which stems from a cross-resource sharing configuration error...

5.3 CVSS · 6.8 AI score · 0.00282 EPSS
Exploits 0 · References 1

CNNVD
added 2025/06/06 12:0 a.m. · 5 views

WordPress plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3 CVSS · 4.8 AI score · 0.0014 EPSS
Exploits 0 · References 1

CNNVD
added 2025/06/06 12:0 a.m. · 3 views

ZIV IDF and ZIV ZLF Code Injection Vulnerability

The ZIV IDF and ZIV ZLF are both transformer differential protection relays from ZIV Spain. A code injection vulnerability exists in ZIV IDF version v0.10.0-0C03-03 and ZLF version v0.10.0-0C03-04, which originates from a code injection that could lead to malicious code execution...

5.3 CVSS · 7.7 AI score · 0.00319 EPSS
Exploits 0 · References 1

CNNVD
added 2025/06/06 12:0 a.m. · 1 views

ZIV IDF and ZIV ZLF Resource Management Error Vulnerability

The ZIV IDF and ZIV ZLF are both transformer differential protection relays from ZIV Spain. A resource management error vulnerability exists in ZIV IDF version v0.10.0-0C03-03 and ZLF version v0.10.0-0C03-04, which stems from mishandling of a TLS request and could result in a denial of service...

8.3 CVSS · 6.7 AI score · 0.00213 EPSS
Exploits 0 · References 1

CNNVD
added 2025/06/06 12:0 a.m. · 2 views

WordPress plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant Cross-Site Request Forgery Vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. Cross-site request forgery vulnerability...

4.3 CVSS · 4.8 AI score · 0.0014 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/06/05 11:14 p.m. · 18 views

CVE-2025-24015

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the...

8.7 CVSS · 7 AI score · 0.0024 EPSS
Exploits 1 · References 1

Microsoft Secure
added 2025/06/05 5:0 p.m. · 9 views

Connect with us at the Gartner Security & Risk Management Summit

Security professionals visiting booths scattered around a hall, eager for solutions to today’s top cybersecurity challenges to protect their resources and people. The hum of hundreds of conversations. Presenters in packed sessions sharing expertise, trends, and stories to energize attendees. Few...

7.1 AI score
Exploits 0

Wordfence Blog
added 2025/06/05 3:31 p.m. · 229 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 26, 2025 to June 1, 2025)

In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 65 vulnerabilities disclosed in 60 WordPress Plugin...

10 CVSS · 8.7 AI score · 0.02101 EPSS
Exploits 6

Rapid7 Blog
added 2025/06/05 2:0 p.m. · 4 views

Navigating AWS Migration: Achieving Clarity and Confidence

Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy for visibility and security can introduce unforeseen risks,...

7.5 AI score
Exploits 0

OSV
added 2025/06/05 10:4 a.m. · 14 views

RHSA-2025:8533 Red Hat Security Advisory: webkit2gtk3 security update

Bulletin has no description...

8.8 CVSS · 6 AI score · 0.01028 EPSS
Exploits 0 · References 12

Patchstack
added 2025/06/05 12:12 a.m. · 13 views

WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Skalucy in WordPress Plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant versions <= 4.1.1...

4.3 CVSS · 6.6 AI score · 0.0014 EPSS
Exploits 0 · Affected Software 1

Packet Storm News
added 2025/06/05 12:0 a.m. · 4 views

Urania: Differentially Private Insights into AI Use

We introduce Urania, a novel framework for generating insights about LLM chatbot interactions with rigorous differential privacy (DP) guarantees. The framework employs a private clustering mechanism and innovative keyword extraction methods, including frequency-based, TF-IDF-based, and LLM-guided...

6.9 AI score
Exploits 0

Packet Storm News
added 2025/06/05 12:0 a.m. · 4 views

FedShield-LLM: a Secure and Scalable Federated Fine-Tuned Large Language Model

Federated Learning (FL) offers a decentralized framework for training and fine-tuning Large Language Models (LLMs) by leveraging computational resources across organizations while keeping sensitive data on local devices. It addresses privacy and security concerns while navigating challenges associate...

6.8 AI score
Exploits 0

BDU FSTEC
added 2025/06/05 12:0 a.m. · 7 views

The vulnerability of the Citrix Secure Access Client software for secure remote access on the Mac OS lies in a flaw related to data protection mechanisms. This flaw allows attackers to gain unauthorized access and modify or read protected information.

The vulnerability of the Citrix Secure Access Client software for secure remote access on the Mac OS is related to a flaw in the data protection mechanism. Exploiting this vulnerability can allow an attacker to gain unauthorized access to and modify, or read, protected information...

7.3 CVSS · 5.6 AI score · 0.00154 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2025/06/05 12:0 a.m. · 5 views

The vulnerability of the Service Diagnostics Scripts component of the Oracle Teleservice module in the Oracle E-Business Suite automation system allows a perpetrator to disclose protected information.

The vulnerability of the Service Diagnostics Scripts component of the Oracle Teleservice module in the Oracle E-Business Suite system relates to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose protected informatio...

6.8 CVSS · 7.1 AI score · 0.00403 EPSS
Exploits 0 · References 3 · Affected Software 2

Github Security Blog
added 2025/06/04 8:48 p.m. · 29 views

Deno's AES GCM authentication tags are not verified

Summary: This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...

8.7 CVSS · 7 AI score · 0.0024 EPSS
Exploits 1 · References 7 · Affected Software 2

OSV
added 2025/06/04 8:48 p.m. · 6 views

GHSA-2X3R-HWV5-P32X Deno's AES GCM authentication tags are not verified

Summary: This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...

8.7 CVSS · 7.2 AI score · 0.0024 EPSS
Exploits 1 · References 7

Wordfence Blog
added 2025/06/04 5:5 p.m. · 20 views

9,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP User Frontend Pro WordPress Plugin

📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 24th, 2025, we received a submission for an Arbitrary File Uplo...

8.8 CVSS · 7.8 AI score · 0.00797 EPSS
Exploits 1

HackRead
added 2025/06/04 11:54 a.m. · 8 views

How to Protect Your Online Presence from Devastating DDoS Attacks

Today, your internet presence is much more than just a website or social media profile, it's like your…...

7.3 AI score
Exploits 0