Lucene search
K

349 matches found

NVD
NVD
added 2026/06/19 9:16 p.m.11 views

CVE-2026-47203

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...

6.3CVSS0.00308EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/18 4:2 p.m.5 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure vulnerability discovered by kalomba - KAPENTEST in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.39...

5.3CVSS5.3AI score0.00385EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/06/08 11:53 a.m.19 views

The Hardest Fork

Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/22 9:4 p.m.8 views

Friday Squid Blogging: Regulating Squid Fishing in the South Pacific

The South Pacific Regional Fisheries Management Organization SPRFMO needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.11 views

Modernizing User Privacy Preference Measurement through GPPI: A GDPR-Aligned Privacy Preference Item Bank

Privacy measurement instruments e.g., CFIP, IUIPC, PAQ predate GDPR by over a decade and measure privacy concerns, distinct from preferences for regulatory protections e.g., data portability, erasure, automated decision-making rights. This leaves practitioners without tools to assess whether user...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2026/05/01 9:33 a.m.9 views

WordPress Anti-Spam Protection – No API Key, GDPR Friendly plugin <= 2.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Anti-Spam by Fullworks : GDPR Compliant Spam Protection versions = 2.3.7...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/04/01 12:0 a.m.7 views

TrendAI Insight: New U.S. National Cyber Strategy

TrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity—from deterrence and regulation to federal modernization, critical infrastructure protection, AI leadership, and workforce development...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/26 11:6 a.m.6 views

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequenc...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/28 12:0 a.m.3 views

Security Is Not Enough: Privacy in Encryption Regulation and Lawful-Surveillance Protocols

This article argues that security is not enough to fully capture what is at stake in government exceptional access to encrypted data. A conception of privacy as security has little to say about "lawful-surveillance protocols'' -- an active research agenda in cryptography that aims to enable...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/18 11:58 a.m.11 views

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state ...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/03 11:20 a.m.6 views

Apple’s new iOS setting addresses a hidden layer of location tracking

Most iPhone owners have hopefully learned to manage app permissions by now, including allowing location access. But there's another layer of location tracking that operates outside these controls. Your cellular carrier has been collecting your location data all along, and until now, there was...

5.5AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2026/01/28 12:0 a.m.10 views

Data Privacy Day: Inside the role of Data Protection Officer at Opera

Privacy Data Privacy Day: Inside the role of Data Protection Officer at Opera Share January 28th, 2026 Privacy matters all year round. But every January, Data Privacy Day is a great opportunity to learn more about data privacy and protection, and to highlight their importance for everyone in the...

8.8CVSS6.9AI score0.05036EPSS
Exploits4References1
Patchstack
Patchstack
added 2026/01/23 7:57 a.m.7 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'lwcontentblock' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.36...

6.4CVSS5.4AI score0.0025EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

WordPress plugin for Data Protection – RGPD security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

5.3CVSS5.8AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

WordPress plugin WP DSGVO Tools (GDPR) cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.0025EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.3 views

CVE-2025-68073

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.4...

6.5CVSS5.3AI score0.00269EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.7 views

PT-2026-4076

Name of the Vulnerable Software and Affected Versions Ninja Team GDPR CCPA Compliance Support versions through 2.7.4 Description A missing authorization issue exists in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance, allowing exploitation of incorrectly configured access control...

5.3AI score0.00269EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/19 12:4 p.m.6 views

WordPress GDPR CCPA Compliance Support plugin <= 2.7.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin GDPR CCPA Compliance Support versions = 2.7.4...

6.5CVSS5.4AI score0.00269EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

4.8CVSS5.9AI score0.00247EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress GDPR Cookie Compliance plugin < 4.15.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.9...

3.5CVSS5.9AI score0.00247EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder