40449 matches found
PT-2025-24131 · Woocommerce · Subscription Renewal Reminders For Woocommerce
Name of the Vulnerable Software and Affected Versions: Subscription Renewal Reminders for WooCommerce versions 1.3.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into...
ZIV IDF和ZIV ZLF 安全漏洞
The ZIV IDF and ZIV ZLF are both transformer differential protection relays from ZIV Spain. A security vulnerability exists in ZIV IDF version v0.10.0-0C03-03 and ZLF version v0.10.0-0C03-04, which stems from a cross-resource sharing configuration error...
WordPress plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
ZIV IDF和ZIV ZLF 代码注入漏洞
The ZIV IDF and ZIV ZLF are both transformer differential protection relays from ZIV Spain. A code injection vulnerability exists in ZIV IDF version v0.10.0-0C03-03 and ZLF version v0.10.0-0C03-04, which originates from a code injection that could lead to malicious code execution...
ZIV IDF和ZIV ZLF 资源管理错误漏洞
The ZIV IDF and ZIV ZLF are both transformer differential protection relays from ZIV Spain. A resource management error vulnerability exists in ZIV IDF version v0.10.0-0C03-03 and ZLF version v0.10.0-0C03-04, which stems from mishandling of a TLS request and could result in a denial of service...
WordPress plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. Cross-site request forgery vulnerability...
CVE-2025-24015
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the...
Connect with us at the Gartner Security & Risk Management Summit
Security professionals visiting booths scattered around a hall, eager for solutions to today’s top cybersecurity challenges to protect their resources and people. The hum of hundreds of conversations. Presenters in packed sessions sharing expertise, trends, and stories to energize attendees. Few...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 26, 2025 to June 1, 2025)
In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 65 vulnerabilities disclosed in 60 WordPress Plugin...
Navigating AWS Migration: Achieving Clarity and Confidence
Migrating workloads to Amazon Web Services AWS represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy for visibility and security can introduce unforeseen risks,...
RHSA-2025:8533 Red Hat Security Advisory: webkit2gtk3 security update
Bulletin has no description...
WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Skalucy in WordPress Plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant versions = 4.1.1...
Urania: Differentially Private Insights into AI Use
We introduce $Urania$, a novel framework for generating insights about LLM chatbot interactions with rigorous differential privacy DP guarantees. The framework employs a private clustering mechanism and innovative keyword extraction methods, including frequency-based, TF-IDF-based, and LLM-guided...
FedShield-LLM: a Secure and Scalable Federated Fine-Tuned Large Language Model
Federated Learning FL offers a decentralized framework for training and fine-tuning Large Language Models LLMs by leveraging computational resources across organizations while keeping sensitive data on local devices. It addresses privacy and security concerns while navigating challenges associate...
The vulnerability of the Citrix Secure Access Client software for secure remote access on the Mac OS lies in a flaw related to data protection mechanisms. This flaw allows attackers to gain unauthorized access and modify or read protected information.
The vulnerability of the Citrix Secure Access Client software for secure remote access on the Mac OS is related to a flaw in the data protection mechanism. Exploiting this vulnerability can allow an attacker to gain unauthorized access to and modify, or read, protected information...
The vulnerability of the Service Diagnostics Scripts component of the OracleTeleservice module in the Oracle E-Business Suite automation system allows a perpetrator to disclose protected information.
The vulnerability of the Service Diagnostics Scripts component of the Oracle Teleservice module in the Oracle E-Business Suite system relates to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose protected informatio...
Deno's AES GCM authentication tags are not verified
Summary This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...
GHSA-2X3R-HWV5-P32X Deno's AES GCM authentication tags are not verified
Summary This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...
9,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP User Frontend Pro WordPress Plugin
📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 24th, 2025, we received a submission for an Arbitrary File Uplo...
How to Protect Your Online Presence from Devastating DDoS Attacks
Today, your internet presence is much more than just a website or social media profile, it's like your…...