2138 matches found
EUVD-2026-38758
The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...
CVE-2026-12242
CVE-2026-12242 affects the WordPress AdRotate Banner Manager plugin up to version 5.17.7. The vulnerability is PHP Code Injection via the banner attribute of the adrotate shortcode, caused by insufficient validation and sanitization before concatenation into a PHP code string wrapped in W3 Total ...
CVE-2026-8705
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
CVE-2026-8705
The CVE describes a SQL injection in the ClearSale Total WordPress plugin (versions <= 3.4.2). The vulnerability occurs via the pagseguro[metodo] POST parameter of the clearsale_total_push AJAX action, which is accessible to unauthenticated users (wp_ajax_nopriv_clearsale_total_push). Although...
EUVD-2026-38672
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
CVE-2026-8705 ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
PT-2026-51686
Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...
New Forrester Total Economic Impact™ study projects a 124% ROI from unifying with Microsoft Security
Across many industries, organizations are unifying security and putting AI agents to work. Security teams are utilizing agents that reason, decide, and act on their behalf, under their governance. At Microsoft, we see this firsthand—more than 80% of the Fortune 500 are already using AI.1 The...
CVE-2026-39595
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-39595 WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-12214
Qihoo 360 Total Security 6.0 contains a vulnerability in the RpcStringBindingComposeW function within the Nucleus Engine Monitoring Logic. Manipulating the NetworkAddr argument can cause protection mechanism failure, allowing a local attacker to exploit the issue. The exploit is publicly availabl...
CVE-2026-12214 Qihoo 360 Total Security Nucleus Engine Monitoring Logic RpcStringBindingComposeW protection mechanism
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...
CVE-2026-12214 Qihoo 360 Total Security Nucleus Engine Monitoring Logic RpcStringBindingComposeW protection mechanism
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...
EUVD-2026-36688
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...
PT-2026-49598
Name of the Vulnerable Software and Affected Versions @opentelemetry/core versions prior to 2.8.0 Description The W3CBaggagePropagator.extract function in @opentelemetry/core fails to enforce size limits when parsing inbound baggage HTTP headers. While the W3C Baggage specification recommends a...
PT-2026-49176
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...
CVE-2026-34064
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...
CVE-2026-5935
IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin , according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites...
MalTree: Tracing Malware Evolution from Embeddings at Scale
Malware detection remains largely reactive: machine learning models trained on known samples degrade as threats evolve. Understanding evolutionary relationships among malware families can inform proactive defense, but traditional reverse engineering can take months to years to uncover such lineag...