1062 matches found
WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...
WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload
WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...
CVE-2026-53308
In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...
PT-2026-51516
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.12 Description The software fails to validate cookie names within the setCookie, serialize, and serializeSigned functions. When an application uses a user-controlled cookie name, invalid characters such as control...
PT-2026-49241
Name of the Vulnerable Software and Affected Versions Zephyr versions prior to 4.4.1 Description The native TCP stack contains a use-after-free flaw when iterating the global connection list in the net tcp foreach function. The issue occurs because the function releases the tcp lock while invokin...
CVE-2026-8613
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-48392
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
zero2shell-50
ZeroToShell-50 🚀 A highly curated, containerized training g...
The Intersection of Encryption and AI
As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schnei...
Why Encrypted File Sharing Is Essential for Modern Businesses
Consider the history of any recent corporate scandal, and it is quite possible to guess what the story…...
Hunting-Bugs
2026 Practical Bug Bounty Guide Built on real-world experie...
State of SDLC Security 2026: How Risk Scales in Modern Development
Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use the /bpp:32 legacy GDI drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, use modern...
Filter-Then-Verify: A Multiphase GNN and ModernBERT Framework for Social Engineering Detection in Email Networks
Social engineering attacks exploit human trust rather than software vulnerabilities, making them difficult to detect using conventional filters. We propose a two-stage filter-then-verify framework combining inductive Graph Neural Networks GNNs for structural anomaly detection with a co-attention...
Widening the Gap: Exploiting LLM Quantization Via Outlier Injection
LLM quantization has become essential for memory-efficient deployment. Recent work has shown that quantization schemes can pose critical security risks: an adversary may release a model that appears benign in full precision but exhibits malicious behavior once quantized by users. However, existin...
Backdoor Channels Hidden in Latent Space: Cryptographic Undetectability in Modern Neural Networks
Recent cryptographic results establish that neural networks can be backdoored such that no efficient algorithm can distinguish them from a clean model. These guarantees, however, have been confined to stylised architectures of limited practical relevance, leaving open whether comparable...
modern-web-swiss-army-knife (>=2.7.2 <=2.7.4) potentially affected by CVE-2026-45321 via @tanstack/router-devtools (>=1.105.0 <=1.106.0)
@tanstack/router-devtools NPM version =1.105.0, =2.7.2, =2.7.4 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERDEVTOOLS-16640220...
Modern Defensible Architecture: Resilience for the Australian Federal Government
How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility...
PT-2026-35876
Name of the Vulnerable Software and Affected Versions CoreDNS affected versions not specified Description A TSIG authentication bypass exists in CoreDNS affecting modern transports. TSIG Transaction Signature is a mechanism used to authenticate DNS messages. Recommendations At the moment, there i...