Shield Security WP Plugin <= 18.5.9 - Local File Inclusion
The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for an unauthenticated attacker to include and execute PHP fil...
Shield Security Plugin < 20.0.6 - Cross-Site Scripting
The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'navsub' parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other...
Malicious code in mev-shield (npm)
Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...
MAL-2026-4609 Malicious code in mev-shield (npm)
Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference to hid_device for devm allocation of the input_dev name. Using hid_device for devm allocation of the input_dev name helps prevent use-after-free issues. input_unregister_device will trigger the cleanup of...
GHSA-5HFV-C864-QCQ9 CI4MS has a Deactivated User Session Bypass (active=0)
Summary The auth filter has the deactivated/banned user check commented out. Details CodeIgniter Shield's loggedIn re-checks the status field catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user active=0 after they have already...
CI4MS has a Deactivated User Session Bypass (active=0)
Summary The auth filter has the deactivated/banned user check commented out. Details CodeIgniter Shield's loggedIn re-checks the status field catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user active=0 after they have already...
SENTINELSHIELD-ADVANCED-INTRUSION-DETECTION-WEB-PROTECTION-SYSTEM
No d...
EUVD-2016-10869
Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious...
CVE-2016-20060
Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious...
CVE-2016-20060 Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation
Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious...
CVE-2016-20060
Affected software: Hotspot Shield 6.0.3. Vulnerability: unquoted service path in the hshld service binary enables local privilege escalation by placing malicious executables in the service path; on service restart or system reboot, code executes with LocalSystem privileges. Root cause: unquoted s...
Pango Hotspot Shield code issue vulnerability
Pango Hotspot Shield is a VPN (Virtual Private Network) proxy software developed by the American company Pango. Version 6.0.3 of Pango Hotspot Shield has a code vulnerability. This vulnerability stems from an issue with the hshld service binary, where a service path without quotes exists. This coul...
Automating Cloud Security and Forensics through a Secure-By-Design Generative AI Framework
As cloud environments become increasingly complex, cybersecurity and forensic investigations must evolve to meet emerging threats. Large Language Models (LLMs) have shown promise in automating log analysis and reasoning tasks, yet they remain vulnerable to prompt injection attacks and lack forensic...
The threat to critical infrastructure has changed. Has your readiness?
Critical infrastructure (CI) organizations underpin national security, public safety, and the economy. In 2026, the cyber threat landscape facing these sectors is structurally different than it was even two years ago. What Microsoft Threat Intelligence is observing across critical infrastructure...
This Is the System That Intercepted Iran’s Missiles Over the UAE
As Iranian missiles targeted US-linked sites across the Gulf, the UAE’s missile shield was activated in real time...
WordPress Shield Security plugin <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability
Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions <= 21.0.8...