WordPress Conditional Maintenance Mode for WordPress plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Conditional Maintenance Mode for WordPress versions <= 1.0.0...
PT-2025-47999
The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation when toggling the maintenance mode status. This makes it possible for unauthenticated attackers to...
Synthetic Data: AI's New Weapon Against Android Malware
The ever-increasing number of Android devices and the accelerated evolution of malware, reaching over 35 million samples by 2024, highlight the critical importance of effective detection methods. Attackers are now using Artificial Intelligence to create sophisticated malware variations that can...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via certain Check and ListObject calls. An attacker can gain unauthorized access to resources by exploiting improper enforcement of access policies when a relation is directly assignable by a type bound public...
kernel: x86/vmscape: Add conditional IBPB mitigation
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...
Security Bulletin: Logback-Core ≤1.5.18 Conditional Config Processing Flaw Enables ACE via Malicious Config or Env Variable
Summary ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...
Secure Low-Altitude Maritime Communications Via Intelligent Jamming
Low-altitude wireless networks (LAWNs) have emerged as a viable solution for maritime communications. In these maritime LAWNs, unmanned aerial vehicles (UAVs) serve as practical low-altitude platforms for wireless communications due to their flexibility and ease of deployment. However, the open and...
CLSA-2025-1762421346 mod_security: Fix of CVE-2025-47947
CVE-2025-47947: fix potential DoS by adding ARGS to the sanitize list only if it's not added yet...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990364 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched for no forced preemption model For no forced preemption model...
Blind-SQLi-StatusCode
Python script...
Blind-SQLi
Exploitation of an SQLi...
Multi-Factor Authentication in Spring Security 7
In 2013, it was proposed to add multi-factor authentication into Spring Security. That was the year that “selfie” was added to the English dictionary and “What Does the Fox Say?” was a viral YouTube hit. Needless to say, one of the biggest features in Spring Security 7 is a long time coming, and ...
JLSEC-2025-105 FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_pa...
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer...
EUVD-2025-31861
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
openSUSE 15 Security Update : logback (SUSE-SU-2025:03456-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03456-1 advisory. - CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing (bsc#1250715) Tenable has extracted the preceding description block...
New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security
Building on the momentum of our initial launch of the Microsoft Secure Future Initiative (SFI) patterns and practices, this second installment continues our commitment to making security implementation practical and scalable. The first release introduced a foundational library of actionable guidanc...
Security update for logback
This update for logback fixes the following issues: CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing (bsc#1250715) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2025:03456-1 Security update for logback
This update for logback fixes the following issues: - CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing (bsc#1250715)...
EUVD-2013-2195
Malware in sbrugna...
EUVD-2019-7296
Malware in sbrugna...