PT-2026-43572
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb country iso', 'hb usa state iso', and 'hb canada province iso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-63004
Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility all-in-one-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All in One Accessibility: from n/a through = 1.15...
CVE-2025-63004
CVE-2025-63004 involves a Missing Authorization vulnerability in the WordPress plugin All in One Accessibility by Skynet Technologies USA LLC. Public data indicates affected version range is from n/a through 1.14, with a CVSS3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The connect...
EUVD-2020-19888
Malware in sbrugna...
EUVD-2024-31553
Malicious code in bioql PyPI...
Zoom Workplace Security Vulnerability
Zoom Workplace is a desktop application from Zoom USA. A security vulnerability exists in Zoom Workplace that stems from a buffer overflow that could lead to a denial of service attack...
TalentNeuron Suite Security Vulnerability
TalentNeuron Suite is a comprehensive platform for talent layout by TalentNeuron USA. A security vulnerability exists in TalentNeuron Suite version 0.4.3, which stems from a parameter injection and could lead to an SQL injection attack...
What happened in Vegas (that you actually want to know about)
Welcome to this week's edition of the Threat Source newsletter. Last week I flew 5,000 miles to Las Vegas for Black Hat USA. After navigating the casino carpet labyrinth and finding the only venue in Nevada that serves a proper English breakfast tea with milk lifesaver, I've decided Black Hat fee...
Mattermost Confluence Plugin Security Vulnerability
Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the plugin to crash...
Top IT Staff Augmentation Companies in USA 2025
Staff augmentation is a strategy for smart tech teams looking to launch something big. Trying to plug skill gaps or scale without the overhead? Collaborate with a trusted IT staff augmentation company...
Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense
Microsoft will be at Black Hat USA 2025, August 5–7 in Las Vegas, and we’re bringing you a unified, practitioner-driven experience built around real-world insights, threat intelligence, incident response, and hands-on AI expertise. We believe security teams are strongest when intelligence, tools,...
Autel MaxiCharger AC Wallbox Commercial Elevation of Privilege Vulnerability
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. An elevation of privilege vulnerability exists in Autel MaxiCharger AC Wallbox Commercial, which can be exploited by an attacker to escalate privileges to normally user-protected resources...
Versa Director Security Vulnerability
Versa Director is a virtualization and service creation platform from Versa USA that simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from an improper implementation of two-factor authentication, which...
CVE-2024-33844
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE (0, 1, 2, 255), which allows an attacker to cut off the connection between a controller and the drone by sending a MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE...
CVE-2020-27376
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication...
CVE-2020-27374
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring...
CVE-2020-27373
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE...
CVE-2020-27375
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars...
Wyse Management Suite WMS Authorization Issues Vulnerability
Wyse Management Suite WMS is a cloud and local management platform from Dell, USA. Wyse Management Suite WMS suffers from an authorization issue vulnerability that stems from insecure inheritance permissions. No details of the vulnerability are provided at this time...
landroverusa.com Cross Site Scripting vulnerability OBB-4043249
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...