EUVD-2024-46945

Malicious code in bioql PyPI...

EUVD-2024-32225

Malicious code in bioql PyPI...

EUVD-2024-32056

Malicious code in bioql PyPI...

EUVD-2024-27390

Malicious code in bioql PyPI...

EUVD-2024-47827

Malicious code in bioql PyPI...

EUVD-2024-19302

Malicious code in bioql PyPI...

600,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Fluent Forms WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 💉 Participate in theSQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND...

CVE-2025-8447

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the...

CVE-2025-34158

Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 28, 2025 to August 3, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

100,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Engine WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

CVE-2025-22165

This Medium severity ACE Arbitrary Code Execution vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE Arbitrary Code Execution vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 30, 2025 to July 6, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors

The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence Intelligence suite. This new interface is designed to improve and simplify the vulnerability disclosure process between the Wordfence team and...

CVE-2025-23369

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This...

CVE-2024-9539

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to uplo...

CVE-2024-8770

A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...

CVE-2024-6337

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-0507

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, an...

CVE-2024-6395

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...