30 matches found
CVE-2026-27337
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...
EUVD-2026-9610
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...
CVE-2026-27337
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...
CVE-2026-27337 WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...
CVE-2026-27337
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...
CVE-2026-27337 WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...
CVE-2026-27337
CVE-2026-27337 is a Local File Inclusion vulnerability in the AncoraThemes Chronicle – Lifestyle Magazine & Blog WordPress Theme (Chronicle) affecting versions up to 1.0. Root cause: improper control of include/require filename handling in PHP (PHP Local File Inclusion). Exploitation details are ...
PT-2026-23231
Name of the Vulnerable Software and Affected Versions AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme versions prior to 1.1 Description The AncoraThemes Chronicle WordPress theme contains a flaw related to improper control of filenames used in include/require statements,...
WordPress plugin Chronicle 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme <= 1.0 - Local File Inclusion vulnerability
WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme = 1.0 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Chronicle - Lifestyle Magazine & Blog WordPress Theme versions = 1.0...
A week in security (September 23 – September 29)
Last week on Malwarebytes Labs: Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution Telegram will hand over user details to law enforcement Don’t share the vir...
larchmontchronicle.com Cross Site Scripting vulnerability OBB-3834762
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
VirusTotal Data Leak Exposes Some Registered Customers' Details
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file,...
Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis
Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language model LLM that's...
deccanchronicle.com Cross Site Scripting vulnerability OBB-3188106
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
preview.houstonchronicle.com Cross Site Scripting vulnerability OBB-2132049
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Zodiac Killer Cipher Solved
The SF Chronicle is reporting more details here, and the FBI is confirming, that a Melbourne mathematician and team has decrypted the 1969 message sent by the Zodiac Killer to the newspaper. Theres no paper yet, but there are a bunch of details in the news articles. Heres an interview with one of...
profile.democratandchronicle.com Cross Site Scripting vulnerability OBB-1259431
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
RSA Wrap Up: It’s All About The People
RSA 2019 just finished and -- as always -- what a week it was. This year was a personal milestone for me, with the week culminating in my presentation with Gary Hayslip, CISO at WebRoot, titled: “Why the Role of the CISO Sucks and What We Should Do about It.” But, before we get to Friday morning ...
Google Launches Backstory — A New Cyber Security Tool for Businesses
Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory , a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential...