PT-2026-46330
That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...
UBUNTU-CVE-2026-33216
NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords, MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...
Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3.2. Veeam Product Latest Version Download Page. Veeam Software Security Commitment: Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we...
CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...
PT-2023-32457 · WordPress · Ecommerce Product Catalog Plugin
Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions prior to 3.3.26 Description: The issue is related to the lack of CSRF checks in some admin pages of the plugin, which could allow attackers to make logged-in users perform unwanted actio...
PT-2023-8865 · Unknown +1 · Minizip-Ng +1
Name of the Vulnerable Software and Affected Versions: minizip-ng version 4.0.2. Description: The issue is related to a buffer overflow in the mz_path_resolve function, located in the mz_os.c file, which can be exploited by an attacker using a crafted file. This could allow a remote attacker to...
GHSA-R25M-CR6V-P9HQ ethyca-fides Webserver API Path Traversal vulnerability
Impact: A path traversal (directory traversal) vulnerability affects fides versions lower than 2.15.1, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. Patches: The vulnerability is patched in fides 2.15.1. Users should upgrade to this version...
PYSEC-2023-107
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...
How Wazuh Improves IT Hygiene for Cyber Security Resilience
IT hygiene is a security best practice that ensures that digital assets in an organization's environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility...
PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...
Security Advisory 0047
Security Advisory 0047 (PDF). Date: April 14th, 2020. Version: 1.0. Revision history: 1.0, April 14th, 2020, Initial Release. The CVE-ID tracking this issue: CVE-2019-18948. CVSSv3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Description: This security advisory documents the...
ThreatList: Google Play Nine Times Safer Than Third-Party App Stores
Bearing out the conventional wisdom that avoiding third-party app stores is a security best practice, new data from Google shows that Android devices that only download apps from Google Play are nine times less likely to end up with malware. According to Google’s inaugural Android Ecosystem...
drchrono: Information Disclosure
Hey, I found the following security issue on your site. Information Disclosure: your WordPress installation is disclosing its version number at https://drchrono.com/blog/readme.html. This can help a hacker in speeding up the process of information gathering through discovering your WordPress version numbe...
RelateIQ: Failed Certificate Validation On Custom Server (Register)
Hi, in the register page a custom server can be used to define "where to connect to". Your system does not validate the SSL certificate of this host, which makes it easy to tamper with the data your system does on behalf of the user. As only SSL links are allowed by the application, the user could...
SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
This module enables the delivery of push notifications to iOS and Android devices. The module doesn't sufficiently randomize the certificate filenames required for Apple's Push Notification service or protect the files from being publicly accessible, which could allow an attacker to acquire the...
Security Best Practice: Blocking Yahoo! Messenger
Instant Messaging applications allow communication and collaboration between Internet users using various modes of communication, including instant message exchange, voice and video, application sharing, white board, file transfer and remote assistance. Yahoo! Messenger is an...
Security Best Practice: Familiarize Yourself with the Non Compliant HTTP Protection
HTTP Protocol Inspection provides strict enforcement of the HTTP protocol, ensuring these sessions comply with RFC standards and common security practices...
Security Best Practice: Familiarize Yourself with the Max Ping Size Protection
Ping is a computer network administration utility used to test whether a particular host is reachable across an IP network and to measure the round-trip time for packets sent from the local host to a destination computer, including the local host's own interfaces. Ping operates by sending Internet...
Security Best Practice: Familiarize Yourself with the Network Quota Protection
Network Quota enforces a limit upon the number of connections that are allowed from the same source IP, to protect against Denial Of Service attacks...