92 matches found

Trend Micro Simply Security
added 2026/06/01 12:0 a.m., 15 views

Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet

47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here's what we saw...

AI score 5.8
Exploits: 0

Packet Storm News
added 2026/03/22 12:0 a.m., 4 views

When the Abyss Looks Back: Unveiling Evolving Dark Patterns in Cookie Consent Banners

To comply with data protection regulations such as the EU General Data Protection Regulation GDPR and the California Consumer Privacy Act CCPA, websites widely deploy cookie consent banners to collect users' privacy preferences. In practice, however, these interfaces often embed dark patterns tha...

AI score 5.8
Exploits: 0

Wordfence Blog
added 2026/02/26 4:2 p.m., 19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 16, 2026 to February 22, 2026)

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026 , earn three stacked bonuses on all valid submissions from our 'High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...

CVSS 9.9, AI score 6, EPSS 0.32922
Exploits: 14

NVD
added 2026/01/20 5:16 a.m., 5 views

CVE-2025-14977

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the /wp-json/dokan/v1/settings REST API endpoint due to missing validation on a...

CVSS 8.1, EPSS 0.00045
Exploits: 0, References: 6

The Hacker News
added 2025/12/24 1:8 p.m., 6 views

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns distributing the threat have also expanded beyond Facebook to include other social media platforms, such as YouTube. The Slovak cybersecurity company said it blocked over...

AI score 6.6
Exploits: 0

RedhatCVE
added 2025/10/18 9:44 a.m., 2 views

CVE-2025-11895

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

CVSS 4.3, AI score 5.9, EPSS 0.00035
Exploits: 0, References: 1

Vulnrichment
added 2025/10/17 9:26 a.m., 1 views

CVE-2025-11895 Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

CVSS 4.3, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 2

Cvelist
added 2025/10/17 9:26 a.m., 7 views

CVE-2025-11895 Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

CVSS 4.3, EPSS 0.00035
Exploits: 0, References: 2

CVE
added 2025/10/17 9:26 a.m., 11 views

CVE-2025-11895

The CVE-2025-11895 vulnerability affects Binary MLM Plan (WordPress) versions

CVSS 4.3, AI score 5.9, EPSS 0.00035
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-12965

Malware in sbrugna...

CVSS 7.5, AI score 7.7, EPSS 0.00389
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-5852

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.6, EPSS 0.00076
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-30855

Malicious code in bioql PyPI...

CVSS 9.8, AI score 7.5, EPSS 0.00068
Exploits: 1, References: 5

RedhatCVE
added 2025/09/25 2:54 a.m., 2 views

CVE-2025-10843

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...

CVSS 9.8, AI score 7.2, EPSS 0.00068
Exploits: 1, References: 1

NVD
added 2025/09/23 6:15 a.m., 3 views

CVE-2025-10843

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...

CVSS 9.8, EPSS 0.00068
Exploits: 1, References: 4

OSV
added 2025/09/23 6:15 a.m., 2 views

CVE-2025-10843

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...

CVSS 9.8, AI score 5.8, EPSS 0.00068
Exploits: 1, References: 4

Vulnrichment
added 2025/09/23 6:2 a.m., 2 views

CVE-2025-10843 Reservation Online Hotel Reservation System paypalpayout.php sql injection

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...

CVSS 7.5, AI score 6.7, EPSS 0.00068
Exploits: 1, References: 4

Cvelist
added 2025/09/23 6:2 a.m., 8 views

CVE-2025-10843 Reservation Online Hotel Reservation System paypalpayout.php sql injection

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...

CVSS 7.5, EPSS 0.00068
Exploits: 1, References: 4

CNNVD
added 2025/09/23 12:0 a.m., 3 views

Code-Projects Online Hotel Reservation System In PHP SQL Injection Vulnerability

Code-Projects Online Hotel Reservation System In PHP is a Code-Projects open source online hotel reservation system. A SQL injection vulnerability exists in Code-Projects Online Hotel Reservation System In PHP version 1.0, which originates from an incorrect manipulation of the parameter confirm i...

CVSS 9.8, AI score 7.7, EPSS 0.00068
Exploits: 1, References: 4

RedhatCVE
added 2025/05/22 5:4 p.m., 10 views

CVE-2020-20178

Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account...

CVSS 7.5, AI score 6.7, EPSS 0.00389
Exploits: 0

RedhatCVE
added 2025/03/04 12:23 a.m., 12 views

CVE-2025-27579

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address aka stratumUser for a Bitaxe Bitcoin miner, or change the frequency and voltage settings...

CVSS 5.4, AI score 5.5, EPSS 0.00076
Exploits: 0, References: 1