56 matches found
Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ROI class. The issue results from the lack of proper validation of a user-suppli...
EUVD-2025-3943
Malicious code in bioql PyPI...
MAL-2025-42987 Malicious code in @zalastax/nolb-_dsr-roi (npm)
The package @zalastax/nolb-dsr-roi was found to contain malicious code...
Silk Typhoon targeting IT supply chain
Executive summary: Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions like remote management tools and cloud applications to gain initial access. While they haven't been observed directly targeting Microsoft...
CVE-2025-24756
Cross-Site Request Forgery CSRF vulnerability in mgplugin Roi Calculator roi-calculator allows Stored XSS.This issue affects Roi Calculator: from n/a through = 1.0...
CVE-2025-24756
Cross-Site Request Forgery CSRF vulnerability in mgplugin Roi Calculator roi-calculator allows Stored XSS.This issue affects Roi Calculator: from n/a through = 1.0...
CVE-2025-24756 WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0...
CVE-2025-24756 WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in mgplugin Roi Calculator roi-calculator allows Stored XSS.This issue affects Roi Calculator: from n/a through = 1.0...
CVE-2025-24756
CVE-2025-24756 : CSRF to Stored XSS in the WordPress plugin Roi Calculator (affected: versions n/a–1.0). Root cause: cross-site request forgery enabling storedXSS in Roi Calculator. Impact: high-severity exposure of stored content; CVSS v3.1 base 7.1. Exploitation details are not provided in the ...
WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Roi Calculator versions = 1.0...
PT-2025-5565 · Unknown · Mgplugin Roi Calculator
Name of the Vulnerable Software and Affected Versions: mgplugin Roi Calculator versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the mgplugin Roi Calculator. Recommendations: For mgplugin Roi Calculator versions n/a throug...
WordPress plugin Roi Calculator 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
Takeaways From The Take Command Summit: Unlocking ROI in Security
Rapid7 CMO Cindy Stanton hosted a discussions with Cindy Stanton, Byron Anderson, Principal InfoSec Engineer, KinderCare Learning Companies and Gaël Frouin Director IT Security, AAA Northeast to talk strategies for measuring team performance and demonstrating ROI in cybersecurity at Rapid7’s rece...
Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...
Why the Right Metrics Matter When it Comes to Vulnerability Management
How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working? And even if you are...
Qualys API Best Practices: Policy Compliance – Posture Streaming (PCRS) API
This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys A...
Google Pixel Buffer Error Vulnerability
Google Pixel is a smartphone from Google, Inc. in the United States. Google Pixel suffers from a security vulnerability that stems from an incorrect boundary check in the ctrlroi method of stmvl53l1module.c, which may result in an out-of-bounds read. This could result in local privilege escalatio...
Malwarebytes MDR wins G2 awards for "Best ROI," "Easiest to Use," and more
Malwarebytes Managed Detection and Response MDR earned a placed in 12 new reports on G2s Fall 2023 reports, winning badges for "Easiest to do Business With," "Best Est. ROI," "Easiest to Use," and "Easiest Admin." Purpose-built for resource constrained teams, Malwarebytes MDR provides IT staff wi...
Three Security Vendor Consolidation Myths Debunked
When it comes to security vendor consolidation, Gartner found that 57% of organizations are working with fewer than ten security vendors, utilizing consolidation to cut costs and improve their overall security posture. But what about the other 43%? While security vendor consolidation has many...
PCMag ranks Malwarebytes #1 cybersecurity vendor
PCMag, one of the most trusted publications by IT professionals, named Malwarebytes the 1 most-recommended security software vendor on its list of Best Tech Brands for 2023. The ranking is based on a Net Promoter Score NPS, a composite rating based on customer reviews from PCMag's Readers Choice...