
10 matches found

Positive Technologies
added 2026/02/21 12:0 a.m. | 4 views

PT-2026-21401

Name of the Vulnerable Software and Affected Versions: yt-dlp versions prior to 2026.02.21. Description: The --netrc-cmd option in yt-dlp contains an arbitrary command injection issue. The argument passed to the command in this option is now limited to a safe subset of characters to address this. Th...

CVSS 8.8 | AI score 5.9 | EPSS 0.00218
Exploits: 2 | References: 28

Schneier on Security
added 2025/11/21 7:7 p.m. | 3 views

More on Rewiring Democracy

It's been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good. Some of the book's forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41. We need more reviews--six on Amazon is no...

AI score 7
Exploits: 0

RedhatCVE
added 2025/11/12 3:47 a.m. | 5 views

CVE-2025-12126

The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS 5.4 | AI score 5.6 | EPSS 0.00036
Exploits: 0 | References: 1

NVD
added 2025/11/11 4:15 a.m. | 2 views

CVE-2025-12126

The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS 5.4 | EPSS 0.00036
Exploits: 0 | References: 3

Schneier on Security
added 2025/10/13 4:36 p.m. | 2 views

Rewiring Democracy is Coming Soon

My latest book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship, will be published in just over a week. No reviews yet, but you can read chapters 12 and 34 of 43 chapters total. You can order the book pretty much everywhere, and a copy signed by me here. Pleas...

AI score 6.8
Exploits: 0

Pen Test Partners Blog
added 2025/03/19 6:13 a.m. | 9 views

Cybersecurity communities. Small hacker groups, big impact

TL;DR: Cybersecurity communities and groups are an excellent opportunity to network and learn. There are OWASP, DEF CON, 2600, university hacking societies, Meetup communities and more to choose from. They provide workshops, talks, and practical learning opportunities benefiting both newcomers and...

AI score 7.5
Exploits: 0

Huntr
added 2021/12/28 7:53 p.m. | 20 views

Improper Access Control in bookstackapp/bookstack

Description: parentChapter permissions are not enforced during sort. Users with only book-update permissions on their own page can move their pages into restricted chapters via modifying the parentChapter id in the sortmap. Users do not need to have access to restricted books / chapter in order to...

CVSS 4 | AI score 2.9 | EPSS 0.0016
Exploits: 1

Fedora
added 2021/04/06 1:4 a.m. | 26 views

[SECURITY] Fedora 33 Update: mediainfo-21.03-1.fc33

MediaInfo CLI Command Line Interface. What information can I get from MediaInfo? General: title, author, director, album, track number, date, duration... Video: codec, aspect, fps, bitrate... Audio: codec, sample rate, channels, language, bitrate... Text: language of subtitle Chapters: number of...

CVSS 7.5 | AI score 3.2 | EPSS 0.00663
Exploits: 1

Fedora
added 2019/05/25 3:36 a.m. | 24 views

[SECURITY] Fedora 29 Update: mediainfo-19.04-1.fc29

MediaInfo CLI Command Line Interface. What information can I get from MediaInfo? General: title, author, director, album, track number, date, duration... Video: codec, aspect, fps, bitrate... Audio: codec, sample rate, channels, language, bitrate... Text: language of subtitle Chapters: number of...

CVSS 6.5 | AI score 3.2 | EPSS 0.02723
Exploits: 2

Cvelist
added 2005/05/31 4:0 a.m. | 25 views

CVE-2005-1782

Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) addreview.htm, (2) suggestreview.htm, (3) suggestcategory.htm, (4) addbooklist.htm, or (5) addurl.htm, the isbn parameter to (6) addreview.htm, ...

AI score 5.8 | EPSS 0.01737
Exploits: 1 | References: 12