Lucene search
+L

939 matches found

Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.14 views

PT-2026-33601

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z taxonomy image' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenate...

5.4CVSS5.9AI score0.00246EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.8 views

MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems

The rapid proliferation of Model Context Protocol MCP-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.13 views

Security and Resilience in Autonomous Vehicles: A Proactive Design Approach

Autonomous vehicles AVs promise efficient, clean and cost-effective transportation systems, but their reliance on sensors, wireless communications, and decision-making systems makes them vulnerable to cyberattacks and physical threats. This chapter presents novel design techniques to strengthen t...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2026/04/09 9:39 p.m.7 views

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/08 12:31 p.m.8 views

EUVD-2026-20441

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobedeletetaxterm function. This makes it possible...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
NVD
NVD
added 2026/04/08 12:16 p.m.7 views

CVE-2026-1673

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobedeletetaxterm function. This makes it possible...

4.3CVSS0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 11:16 a.m.36 views

CVE-2026-1673 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobedeletetaxterm function. This makes it possible...

4.3CVSS0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/08 11:16 a.m.10 views

CVE-2026-1673 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobedeletetaxterm function. This makes it possible...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 11:16 a.m.15 views

CVE-2026-1673

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is affected by a Cross-Site Request Forgery in versions up to 1.1.5. The root cause is missing nonce validation in the woobe_delete_tax_term() function, enabling unauthenticated actors to...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.15 views

MCP-DPT: A Defense-Placement Taxonomy and Coverage Analysis for Model Context Protocol Security

The Model Context Protocol MCP enables large language models LLMs to dynamically discover and invoke third-party tools, significantly expanding agent capabilities while introducing a distinct security landscape. Unlike prompt-only interactions, MCP exposes pre-execution artifacts, shared context,...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.6 views

Foundations for Agentic AI Investigations from the Forensic Analysis of OpenClaw

Agentic Al systems are increasingly deployed as personal assistants and are likely to become a common object of digital investigations. However, little is known about how their internal state and actions can be reconstructed during forensic analysis. Despite growing popularity, systematic forensi...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.5 views

Digital Privacy in IoT: Exploring Challenges, Approaches and Open Issues

Privacy has always been a critical issue in the digital era, particularly with the increasing use of Internet of Things IoT devices. As the IoT continues to transform industries such as healthcare, smart cities, and home automation, it has also introduced serious challenges regarding the security...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.4 views

Towards Secure Agent Skills: Architecture, Threat Taxonomy, and Security Analysis

Agent Skills is an emerging open standard that defines a modular, filesystem-based packaging format enabling LLM-based agents to acquire domain-specific expertise on demand. Despite rapid adoption across multiple agentic platforms and the emergence of large community marketplaces, the security...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.4 views

Synthetic Trust Attacks: Modeling How Generative AI Manipulates Human Decisions in Social Engineering Fraud

Imagine receiving a video call from your CFO, surrounded by colleagues, asking you to urgently authorise a confidential transfer. You comply. Every person on that call was fake, and you just lost $25 million. This is not a hypothetical. It happened in Hong Kong in January 2024, and it is becoming...

5.9AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.26 views

VulnCheck KEV: CVE-2024-12025

The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS5.9AI score0.02593EPSS
In wildExploits1References2
Packet Storm News
Packet Storm News
added 2026/03/30 12:0 a.m.13 views

Safeguarding LLMs against Misuse and AI-Driven Malware Using Steganographic Canaries

AI-powered malware increasingly exploits cloud-hosted generative-AI services and large language models LLMs as analysis engines for reconnaissance and code generation. Simultaneously, enterprise uploads expose sensitive documents to third-party AI vendors. Both threats converge at the AI service...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.6 views

CVE-2026-32455

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through = 1.3.5...

6.5CVSS5.8AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.5 views

CVE-2026-30954

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.10 views

CVE-2026-33177

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...

4.3CVSS5.7AI score0.00224EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/26 12:0 a.m.6 views

Beyond Content Safety: Real-Time Monitoring for Reasoning Vulnerabilities in Large Language Models

Large language models LLMs increasingly rely on explicit chain-of-thought CoT reasoning to solve complex tasks, yet the safety of the reasoning process itself remains largely unaddressed. Existing work on LLM safety focuses on content safety--detecting harmful, biased, or factually incorrect...

6.1AI score
Exploits0
Rows per page
Query Builder