86 matches found
Apple iOS and iPadOS Improvements for Underchecked Vulnerabilities
Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain an Improvement Check Insufficiency vulnerability that can be exploited by attackers to cause an application to monitor keystrokes without th...
EUVD-2017-6806
Malware in sbrugna...
EUVD-2025-19861
Malicious code in bioql PyPI...
CVE-2025-9565
The CVE concerns the WordPress Blocksy Companion plugin. All versions up to 2.1.10 are affected via the blocksy_newsletter_subscribe shortcode due to insufficient input sanitization and output escaping, allowing authenticated users with contributor-level access or higher to inject arbitrary scrip...
UBUNTU-CVE-2025-39703
In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...
Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Beyond the Protocol: Unveiling Attack Vectors in the Model Context Protocol Ecosystem
The Model Context Protocol MCP is an emerging standard designed to enable seamless interaction between Large Language Model LLM applications and external tools or resources. Within a short period, thousands of MCP services have already been developed and deployed. However, the client-server...
CVE-2024-9655
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 CVSS score: 4.3, has been characterized as a case of insufficient policy...
ALPINE-CVE-2025-20103
Insufficient resource pool in the core management mechanism for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local access...
Exploiting Copilot AI for SharePoint
TL;DR AI Assistants are becoming far more common Copilot for SharePoint is Microsoft’s answer to generative AI assistance on SharePoint Attackers will look to exploit anything they can get their hands on Your current controls and logging may be insufficient Be careful what you keep on platforms...
CVE-2024-13644
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
BlackBerry SecuSUITE 安全漏洞
BlackBerry SecuSUITE is a multi-platform solution for end-to-end encryption of voice calls and messages from BlackBerry Canada. A security vulnerability exists in BlackBerry SecuSUITE version 5.0.420 and earlier, which stems from the presence of an Entropy Insufficiency Vulnerability that could...
2N Access Commander 安全漏洞
2N Access Commander is an access control solution from 2N. A security vulnerability exists in 2N Access Commander version 3.1.1.2 and prior versions, which stems from the presence of a Data Authenticity Validation Insufficiency vulnerability that allows an attacker to elevate its privileges and...
CVE-2023-6987
CVE-2023-6987 affects the WordPress plugin String locator. It is a reflected XSS vulnerability triggered by the sql-column parameter in all versions up to and including 2.6.5, due to insufficient input sanitization and output escaping. Exploitation requires WP_DEBUG to be enabled and allows an un...
Google Chrome Insufficient Data Validation Vulnerability
Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from a Data Validation Insufficiency vulnerability, which can b...
Siemens SINEC Traffic Analyzer Credential Protection Insufficiency Vulnerability
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer suffers from a Credential Protection...
WordPress Plugin SiteOrigin Widgets Bundle Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
The vulnerability of the MELSEC iQ-F series of programmable logic controllers, related to insufficient resource capacity, allows a intruder to trigger a malfunction in maintenance operations.
The vulnerability of the MELSEC iQ-F series of programmable logic controllers is related to insufficient resources. Exploiting this vulnerability can allow a remote attacker to cause malfunctions in the system’s operation...
Dell PowerScale OneFS Insufficient Logging Vulnerability (CNVD-2024-16222)
Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. A logging insufficiency vulnerability exists in Dell PowerScale OneFS, which can be exploited by an attacker to cause audit messages to be lost and unrecorded for...