133 matches found
This one’s for you, Mom
Welcome to this week's edition of the Threat Source newsletter. I am the product of a single parent, my mom, who along with my grandparents helped raise me into the man I am today. I cannot fathom what it took for my mom, who worked three jobs to put herself through college to be a teacher, to...
CVE-2026-1980
The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'getcustomerlist' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information includin...
CVE-2026-1980
CVE-2026-1980 refers to the WPBookit WordPress plugin, affecting versions up to 1.0.8. Root cause: missing authorization on the get_customer_list route, enabling unauthenticated attackers to disclose sensitive customer data (names, emails, phone numbers, dates of birth, gender). Impact: unauthori...
PT-2026-22859
The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get customer list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information...
CVE-2018-25135
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...
EUVD-2024-55078
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country,...
CVE-2024-44630
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country,...
Exploring User Risk Factors and Target Groups for Phishing Victimization in Pakistan
Phishing attacks pose a significant cybersecurity threat globally. This study investigates phishing susceptibility within the Pakistani population, examining the influence of demographic factors, technological aptitude and usage, previous phishing victimization, and email characteristics. Data wa...
EUVD-2002-2155
Malware in sbrugna...
EUVD-2024-52745
Malicious code in bioql PyPI...
Non-Adaptive Adversarial Face Generation
Adversarial attacks on face recognition systems (FRSs) pose serious security and privacy threats, especially when these systems are used for identity verification. In this paper, we propose a novel method for generating adversarial faces: synthetic facial images that are visually distinct yet...
Bias Amplification in RAG: Poisoning Knowledge Retrieval to Steer LLMs
In Large Language Models, Retrieval-Augmented Generation (RAG) systems can significantly enhance the performance of large language models by integrating external knowledge. However, RAG also introduces new security risks. Existing research focuses mainly on how poisoning attacks in RAG systems affe...
Code-Projects Traffic Offense Reporting System code injection vulnerability
Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System has a cross-site scripting vulnerability that originates from the parameter offenseid/vehicleno/driverlicense/name/address/gender/officer in the file /save-reported.php. The lack of effectiv...
CVE-2002-2176
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the userlevel parameter in the User Profile page...
PT-2024-17779 · Code Projects · Code-Projects Online Exam Mastering System
Name of the Vulnerable Software and Affected Versions: code-projects Online Exam Mastering System version 1.0. Description: A problem was found in the file /sign.php?q=account.php, where the manipulation of the name, gender, and college arguments leads to cross-site scripting. The attack can be...
CVE-2024-55104
Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters...
Online Nurse Hiring System security vulnerability
PHPGurukul Online Nurse Hiring System is an online nurse hiring system from PHPGurukul. A security vulnerability exists in Online Nurse Hiring System v1.0, which stems from an SQL injection vulnerability found in the component /admin/add-nurse.php via the gender and emailid parameters...