
28870 matches found

Wordfence Blog
added 2026/03/12 7:0 p.m., 6 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 2, 2026 to March 8, 2026)

Last week, there were 199 vulnerabilities disclosed in 84 WordPress Plugins and 107 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

CVSS: 9.9, AI score: 7.5, EPSS: 0.28814
Exploits: 3

Veeam
added 2026/03/12 12:0 a.m., 41 views

Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4465

All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3.2.4465. Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program...

CVSS: 9.9, AI score: 7.7, EPSS: 0.01518
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2026/03/12 12:0 a.m., 0 views

Docker Desktop < 4.64.0 CLI Plugin Directory Privilege Escalation (CVE-2025-15558)

The version of Docker Desktop for Windows installed on the remote host is 4.34.x 4.64.0. It is, therefore, affected by a privilege escalation vulnerability. - Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A...

CVSS: 8, AI score: 7.2, EPSS: 0.00023
Exploits: 0, References: 5

The Hacker News
added 2026/03/11 9:15 a.m., 4 views

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities...

CVSS: 9.8, AI score: 6.4, EPSS: 0.01698
Exploits: 1

CVE
added 2026/03/10 6:56 p.m., 4 views

CVE-2026-3582

CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00026
Exploits: 0, References: 4, Affected Software: 1

ICS
added 2026/03/10 7:0 a.m., 2 views

Schneider Electric Modicon Controllers M241, M251, M258, and LMC058

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

CVSS: 5.1, AI score: 6.2, EPSS: 0.0007
Exploits: 0, References: 11

Packet Storm News
added 2026/03/10 12:0 a.m., 1 views

Why LLMs Fail: A Failure Analysis and Partial Success Measurement for Automated Security Patch Generation

Large Language Models (LLMs) show promise for Automated Program Repair (APR), yet their effectiveness on security vulnerabilities remains poorly characterized. This study analyzes 319 LLM-generated security patches across 64 Java vulnerabilities from the Vul4J benchmark. Using tri-axis evaluation...

AI score: 5.9
Exploits: 0

RedhatCVE
added 2026/03/09 8:19 p.m., 0 views

CVE-2025-69647

A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF loclists data with the readelf program can trigger an infinite loop and result in a denial of service. Mitigation To mitigate this vulnerability, do not process untrusted, unverified or...

CVSS: 6.2, AI score: 5.7, EPSS: 0.00025
Exploits: 1, References: 5

CNVD
added 2026/03/09 12:0 a.m., 0 views

Microsoft Devices Pricing Program Code Issue Vulnerability

The Microsoft Devices Pricing Program is Microsoft's exclusive device purchasing and pricing mechanism for enterprise customers, partners, or select channels to enjoy customized pricing, terms of business, and support for volume purchases of Surface Series devices such as Surface Laptop, Surface...

CVSS: 9.8, AI score: 6.1, EPSS: 0.01698
Exploits: 0, References: 1

RedhatCVE
added 2026/03/07 1:44 a.m., 1 views

CVE-2026-21536

Microsoft Devices Pricing Program Remote Code Execution Vulnerability...

CVSS: 9.8, AI score: 5.9, EPSS: 0.01698
Exploits: 0, References: 1

SUSE CVE
added 2026/03/07 12:27 a.m., 0 views

SUSE CVE-2025-69651

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00006
Exploits: 1, References: 3

EUVD
added 2026/03/06 6:31 p.m., 2 views

EUVD-2025-208347

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized...

AI score: 6.1, EPSS: 0.00006
Exploits: 1, References: 3

NVD
added 2026/03/06 6:16 p.m., 1 views

CVE-2025-69651

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized...

CVSS: 5.5, EPSS: 0.00006
Exploits: 1, References: 5

Wiz blog
added 2026/03/06 12:0 p.m., 1 views

The Agile FedRAMP Playbook, Part 4: Reactive Risk Management through Enriched Incident Response

In the final part of our series, we explore Reactive Risk Management. Discover how Wiz for U.S. Government transforms cloud detection and response to help satisfy FedRAMP Rev 5 IR controls and FedRAMP 20x detection benchmarks...

AI score: 5.8
Exploits: 0

RedhatCVE
added 2026/03/06 7:54 a.m., 1 views

CVE-2026-28010

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Scientia scientia allows PHP Local File Inclusion. This issue affects Scientia: from n/a through = 1.2.4...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00172
Exploits: 0, References: 1

RedhatCVE
added 2026/03/06 7:53 a.m., 0 views

CVE-2026-28064

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Edge Decor edge-decor allows PHP Local File Inclusion. This issue affects Edge Decor: from n/a through = 2.2...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00172
Exploits: 0, References: 1

EUVD
added 2026/03/06 12:31 a.m., 2 views

EUVD-2026-9885

Microsoft Devices Pricing Program Remote Code Execution Vulnerability...

CVSS: 9.8, AI score: 6, EPSS: 0.01698
Exploits: 0, References: 2

Redos
added 2026/03/06 12:0 a.m., 2 views

ROS-20260306-73-0005

A vulnerability in the bpf_prog_select_runtime function of the kernel/bpf/core.c file of the Linux operating system kernel is related to resource management errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00071
Exploits: 0

NVD
added 2026/03/05 11:16 p.m., 2 views

CVE-2026-21536

Microsoft Devices Pricing Program Remote Code Execution Vulnerability...

CVSS: 9.8, EPSS: 0.01698
Exploits: 0, References: 1

Vulnrichment
added 2026/03/05 10:18 p.m., 1 views

CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability

...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01698
Exploits: 0, References: 1