Lucene search
K

537 matches found

CNNVD
CNNVD
added 2025/09/11 12:0 a.m.5 views

WordPress plugin Smartcat Translator for WPML SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...

6.5CVSS7.4AI score0.00287EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.9 views

An Empirical Study of Vulnerabilities in Python Packages and Their Detection

In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern, highlighted by the considerable number of vulnerability...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.6 views

E-PhishGen: Unlocking Novel Research in Phishing Email Detection

Every day, our inboxes are flooded with unsolicited emails, ranging between annoying spam to more subtle phishing scams. Unfortunately, despite abundant prior efforts proposing solutions achieving near-perfect accuracy, the reality is that countering malicious emails still remains an unsolved...

7AI score
Exploits0
OSV
OSV
added 2025/08/29 9:15 p.m.5 views

CVE-2025-9677

A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs t...

5.5CVSS5.1AI score0.0025EPSS
Exploits1References5
CVE
CVE
added 2025/08/29 9:2 p.m.17 views

CVE-2025-9677

CVE-2025-9677 : Affects Modo Legend of the Phoenix (versions through 1.0.5). The flaw resides in the AndroidManifest.xml of the component com.duige.hzw.multilingual , where an improper export of Android application components enables a local attack. Exploit has been publicly released; exploitatio...

5.5CVSS5.4AI score0.0025EPSS
Exploits1References5Affected Software1
The Hacker News
The Hacker News
added 2025/08/27 1:47 p.m.14 views

ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific APAC. According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration...

9.9CVSS8.8AI score0.99993EPSS
Exploits62
OSV
OSV
added 2025/08/14 6:52 p.m.7 views

MAL-2025-9671 Malicious code in @wix-platform/velo-multilingual-helper (npm)

The package @wix-platform/velo-multilingual-helper was found to contain malicious code...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.5 views

Multilingual Source Tracing of Speech Deepfakes: a First Benchmark

Recent progress in generative AI has made it increasingly easy to create natural-sounding deepfake speech from just a few seconds of audio. While these tools support helpful applications, they also raise serious concerns by making it possible to generate convincing fake speech in many languages...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2025/07/28 12:0 a.m.13 views

WordPress WPML Multilingual CMS Plugin < 4.6.13 RCE Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpml:wpml"; if description...

9.9CVSS9.6AI score0.25533EPSS
Exploits3References1
Packet Storm News
Packet Storm News
added 2025/07/22 12:0 a.m.9 views

From Cracks to Crooks: YouTube As a Vector for Malware Distribution

With billions of users and an immense volume of daily uploads, YouTube has become an attractive target for cybercriminals aiming to leverage its vast audience. The platform's openness and trustworthiness provide an ideal environment for deceptive campaigns that can operate under the radar of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/21 12:0 a.m.6 views

FaultLine: Automated Proof-Of-Vulnerability Generation Using LLM Agents

Despite the critical threat posed by software security vulnerabilities, reports are often incomplete, lacking the proof-of-vulnerability PoV tests needed to validate fixes and prevent regressions. These tests are crucial not only for ensuring patches work, but also for helping developers understa...

7.1AI score
Exploits0
Fedora
Fedora
added 2025/06/11 3:51 a.m.12 views

[SECURITY] Fedora 41 Update: roundcubemail-1.6.11-1.fc41

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

9.9CVSS9.7AI score0.94741EPSS
Exploits29
Fedora
Fedora
added 2025/06/11 2:46 a.m.13 views

[SECURITY] Fedora 42 Update: roundcubemail-1.6.11-1.fc42

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

9.9CVSS9.7AI score0.94741EPSS
Exploits29
Packet Storm News
Packet Storm News
added 2025/06/11 12:0 a.m.4 views

TRIDENT -- a Three-Tier Privacy-Preserving Propaganda Detection Model in Mobile Networks Using Transformers, Adversarial Learning, and Differential Privacy

The proliferation of propaganda on mobile platforms raises critical concerns around detection accuracy and user privacy. To address this, we propose TRIDENT - a three-tier propaganda detection model implementing transformers, adversarial learning, and differential privacy which integrates syntact...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/05 12:0 a.m.6 views

Hiding in Plain Sight: Query Obfuscation Via Random Multilingual Searches

Modern search engines extensively personalize results by building detailed user profiles based on query history and behaviour. While personalization can enhance relevance, it introduces privacy risks and can lead to filter bubbles. This paper proposes and evaluates a lightweight, client-side quer...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/04 12:0 a.m.5 views

A Threat Intelligence Event Extraction Conceptual Model for Cyber Threat Intelligence Feeds

In response to the escalating cyber threats, the efficiency of Cyber Threat Intelligence CTI data collection has become paramount in ensuring robust cybersecurity. However, existing works encounter significant challenges in preprocessing large volumes of multilingual threat data, leading to...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/26 12:0 a.m.7 views

Phare: a Safety Probe for Large Language Models

Ensuring the safety of large language models LLMs is critical for responsible deployment, yet existing evaluations often prioritize performance over identifying failure modes. We introduce Phare, a multilingual diagnostic framework to probe and evaluate LLM behavior across three critical...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.8 views

CVE-2024-44006

Missing Authorization vulnerability in Amir Helzer WooCommerce Multilingual & Multicurrency woocommerce-multilingual.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through = 5.3.6...

8.8CVSS5.9AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:20 a.m.12 views

CVE-2022-3141

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected...

8.8CVSS7.4AI score0.03851EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:52 p.m.7 views

CVE-2020-10568

The sitepress-multilingual-cms WPML plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings...

8.8CVSS7.9AI score0.01705EPSS
Exploits1References1
Rows per page
Query Builder