29016 matches found

Wordfence Blog
added 2025/01/23 3:41 p.m. · 70 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS 10 · AI score 10 · EPSS 0.02847
Exploits 26

Positive Technologies
added 2025/01/23 12:0 a.m. · 2 views

PT-2025-2972 · Itop Vpn · Itop Vpn

Name of the Vulnerable Software and Affected Versions: iTop VPN version 16.0 Description: A DLL hijacking issue allows attackers to execute arbitrary code by placing a crafted DLL file into the path ProgramDataiTop VPNDownloadervpn6. This enables attackers to trick iTop VPN into loading a fake DL...

CVSS 7.8 · AI score 8 · EPSS 0.00189
Exploits 1 · References 6

CNNVD
added 2025/01/23 12:0 a.m. · 3 views

iTop VPN Code Issue Vulnerability

iTop VPN is a VPN software from iTop Inc. which allows users to remain anonymous and secure with advanced Salsa20 chacha20 256-bit encryption. A code issue vulnerability exists in iTop VPN version 16.0, which stems from the presence of a DLL hijacking vulnerability that allows an attacker to...

CVSS 7.8 · AI score 7.4 · EPSS 0.00189
Exploits 1 · References 2

NVD
added 2025/01/22 4:15 p.m. · 15 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

CVSS 6.4 · EPSS 0.0016
Exploits 0 · References 2

SUSE CVE
added 2025/01/22 3:48 a.m. · 7 views

SUSE CVE-2024-57932

In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues. In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these...

CVSS 5.5 · AI score 7.7 · EPSS 0.002
Exploits 0 · References 14

Wordfence Blog
added 2025/01/21 8:34 p.m. · 10 views

Wordfence Bug Bounty Researchers: Unlock More Earning Potential With New “Refer A Researcher” Program

Today, we at Wordfence are excited to announce a groundbreaking addition to our Wordfence Bug Bounty Program: the Refer-A-Researcher Program! Refer new researchers to our program and earn commissions when they submit valid vulnerabilities. This is a great opportunity to earn even more with the...

AI score 6.6
Exploits 0

OSV
added 2025/01/21 12:15 p.m. · 1 views

DEBIAN-CVE-2024-57932

In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues. In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these...

CVSS 5.5 · AI score 5.8 · EPSS 0.002
Exploits 0 · References 1

Cvelist
added 2025/01/21 12:1 p.m. · 18 views

CVE-2024-57932 gve: guard XDP xmit NDO on existence of xdp queues

In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues. In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these...

EPSS 0.002
Exploits 0 · References 3

CVE
added 2025/01/16 4:45 p.m. · 3396 views

CVE-2025-0518

CVE-2025-0518 affects FFmpeg 7.1 and is due to an unchecked return value causing an out-of-bounds read in libavfilter/af_pan.C. The issue is addressed by the FFmpeg commit b5b6391d64807578ab872dc58fb8aa621dcfc38a, which provides the fix. Discovery credited to Simcha Kosman. Public references in c...

CVSS 5.3 · AI score 6.6 · EPSS 0.00372
Exploits 0 · References 2 · Affected Software 1

Wordfence Blog
added 2025/01/16 4:12 p.m. · 61 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 6, 2025 to January 12, 2025)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS 10 · AI score 10 · EPSS 0.47137
Exploits 58

Hacker One
added 2025/01/16 12:0 p.m. · 2 views

curl: Elevation of Privileges (EoP) vulnerabilities related to the some easy_options on Windows

Summary: An Elevation of Privileges (EoP) vulnerability can occur in a Windows privileged process that uses CURLOPT_COOKIEJAR, CURLOPT_HSTS, or CURLOPT_ALTSVC. This vulnerability arises due to the differences in the implementation of the unlink function between Windows and Linux, as well as the behavio...

AI score 7.1
Exploits 0

NVD
added 2025/01/13 10:15 p.m. · 11 views

CVE-2024-51491

notation-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...

CVSS 3.3 · EPSS 0.00192
Exploits 1 · References 3

Vulnrichment
added 2025/01/13 9:42 p.m. · 24 views

CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go

notation-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...

CVSS 3.3 · AI score 6.9 · EPSS 0.00192
Exploits 1 · References 3

OSV
added 2025/01/13 9:42 p.m. · 10 views

CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go

notation-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...

CVSS 3.3 · AI score 6.8 · EPSS 0.00192
Exploits 1 · References 5

RedhatCVE
added 2025/01/13 2:54 p.m. · 6 views

CVE-2024-47794

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace. There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target for entry_freplace of...

CVSS 5.5 · AI score 6.9 · EPSS 0.00189
Exploits 0 · References 4

Packet Storm
added 2025/01/12 12:0 a.m. · 141 views

CISA: Bomb-Making Materials Awareness Program (BMAP) Overview

AI score 7.4
Exploits 0

Packet Storm
added 2025/01/12 12:0 a.m. · 212 views

CISA: CFATS and the Personnel Surety Program (PSP) Overview

AI score 7.4
Exploits 0

Packet Storm
added 2025/01/12 12:0 a.m. · 119 views

CISA: CFATS Personnel Surety Program Demonstration and Lessons Learned

AI score 7.4
Exploits 0

OSV
added 2025/01/11 1:15 p.m. · 4 views

AZL-67712 CVE-2024-47794 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace. There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target for entry_freplace of...

CVSS 5.5 · AI score 6.6 · EPSS 0.00189
Exploits 0 · References 1

OSV
added 2025/01/11 1:15 p.m. · 2 views

DEBIAN-CVE-2024-47794

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace. There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target for entry_freplace of...

CVSS 5.5 · AI score 5.7 · EPSS 0.00189
Exploits 0 · References 1