28 matches found
CVE-2026-40799
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions...
CVE-2026-40799 WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions...
EUVD-2026-36808
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions...
CVE-2026-40799 WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions...
CVE-2026-40799
CVE-2026-40799 affects the WordPress plugin Simple Cloudflare Turnstile (versions
PT-2026-49435
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions...
WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by David Marín in WordPress Plugin Simple Cloudflare Turnstile versions <= 1.38.0...
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich,...
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actor...
CVE-2026-2589
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...
CVE-2026-2589
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...
CVE-2026-2589
The Greenshift WordPress plugin (animation and page builder blocks) is vulnerable to Sensitive Information Exposure in all versions up to 12.8.3 via an automated Settings Backup stored in a publicly accessible file. This allows unauthenticated attackers to extract configured API keys (OpenAI, Cla...
CVE-2026-2589 Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...
CVE-2026-2589
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...
CVE-2026-2589 Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...
PT-2026-23575
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount...
CVE-2025-10732
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...
CVE-2025-10732 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...
EUVD-2023-57473
Malicious code in bioql PyPI...