Accelerate investigation and response with Red Canary and Zscaler Internet Access
Red Canary brings critical Zscaler context into investigations to enable precise threat response and save you time.
Aggregator
Safepay
2 months 2 weeks ago
You must login to view this content
cohenido
Affirm Buy Now Pay Later Service Allegedly Breached, Exposing 26.7 Million User Records
2 months 2 weeks ago
Affirm Buy Now Pay Later Service Allegedly Breached, Exposing 26.7 Million User Records
Dark Web Informer
Europe's GCVE Raises Concerns Over Fragmentation in Vulnerability Databases
2 months 2 weeks ago
GCVE would enhance global collaboration, flexibility, and efficiency in tracking security flaws. Duplicate entries and a decentralization policy may create more chaos for defenders.
Arielle Waldman
CVE-2017-1000226 | Stop User Enumeration 1.3.8 REST API Username information disclosure
2 months 2 weeks ago
A vulnerability was found in Stop User Enumeration 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component REST API. This manipulation causes information disclosure (Username).
This vulnerability is tracked as CVE-2017-1000226. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2017-18536 | stop-user-enumeration Plugin up to 1.3.7 on WordPress cross site scripting
2 months 2 weeks ago
A vulnerability has been found in stop-user-enumeration Plugin up to 1.3.7 on WordPress and classified as problematic. This impacts an unknown function. This manipulation causes cross site scripting.
The identification of this vulnerability is CVE-2017-18536. It is possible to initiate the attack remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2021-24767 | Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin Log cross-site request forgery
2 months 2 weeks ago
A vulnerability described as problematic has been identified in Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin up to 1.7.8 on WordPress. The affected element is an unknown function of the component Log Handler. The manipulation results in cross-site request forgery.
This vulnerability is cataloged as CVE-2021-24767. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2022-1952 | Free Booking Plugin for Hotels, Restaurant and Car Rental Plugin AJAX Action unrestricted upload
2 months 2 weeks ago
A vulnerability identified as critical has been detected in Free Booking Plugin for Hotels, Restaurant and Car Rental Plugin up to 1.1.15 on WordPress. This vulnerability affects unknown code of the component AJAX Action Handler. This manipulation causes unrestricted upload.
The identification of this vulnerability is CVE-2022-1952. It is possible to initiate the attack remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2023-23645 | MainWP Code Snippets Extension Plugin up to 4.0.2 on WordPress code injection
2 months 2 weeks ago
A vulnerability described as critical has been identified in MainWP Code Snippets Extension Plugin up to 4.0.2 on WordPress. The affected element is an unknown function. The manipulation results in code injection.
This vulnerability is identified as CVE-2023-23645. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2023-25444 | JS Help Desk Plugin up to 2.7.7 on WordPress unrestricted upload
2 months 2 weeks ago
A vulnerability identified as problematic has been detected in JS Help Desk Plugin up to 2.7.7 on WordPress. This vulnerability affects unknown code. Performing a manipulation results in unrestricted upload.
This vulnerability was named CVE-2023-25444. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2023-7123 | SourceCodester Medicine Tracking System 1.0 Master.php? f=save_medicine id/name/description sql injection
2 months 2 weeks ago
A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been declared as critical. Affected is an unknown function of the file /classes/Master.php? f=save_medicine. Executing a manipulation of the argument id/name/description can lead to sql injection.
The identification of this vulnerability is CVE-2023-7123. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-0650 | Project Worlds Visitor Management System 1.0 URL dataset.php Name cross site scripting
2 months 2 weeks ago
A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. This vulnerability affects unknown code of the file dataset.php of the component URL Handler. The manipulation of the argument Name with the input "><script>alert('torada')</script> leads to cross site scripting.
This vulnerability is referenced as CVE-2024-0650. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com
CVE-2024-30226 | WPDeveloper BetterDocs Plugin up to 3.3.3 on WordPress deserialization
2 months 2 weeks ago
A vulnerability described as problematic has been identified in WPDeveloper BetterDocs Plugin up to 3.3.3 on WordPress. The affected element is an unknown function. The manipulation results in deserialization.
This vulnerability is identified as CVE-2024-30226. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2022-47151 | JS Help Desk Plugin up to 2.7.1 on WordPress sql injection
2 months 2 weeks ago
A vulnerability was found in JS Help Desk Plugin up to 2.7.1 on WordPress. It has been declared as critical. The impacted element is an unknown function. The manipulation results in sql injection.
This vulnerability is identified as CVE-2022-47151. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2024-31270 | Repute InfoSystems ARForms Form Builder Plugin up to 1.6.1 on WordPress authorization
2 months 2 weeks ago
A vulnerability marked as critical has been reported in Repute InfoSystems ARForms Form Builder Plugin up to 1.6.1 on WordPress. The affected element is an unknown function. This manipulation causes missing authorization.
This vulnerability appears as CVE-2024-31270. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2024-31272 | Repute InfoSystems ARForms Form Builder Plugin up to 1.6.1 on WordPress cross-site request forgery
2 months 2 weeks ago
A vulnerability was found in Repute InfoSystems ARForms Form Builder Plugin up to 1.6.1 on WordPress. It has been declared as problematic. This affects an unknown part. Such manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-31272. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-33680 | MainWP Child Reports Plugin up to 2.1.1 on WordPress cross-site request forgery
2 months 2 weeks ago
A vulnerability labeled as problematic has been found in MainWP Child Reports Plugin up to 2.1.1 on WordPress. Affected is an unknown function. Such manipulation leads to cross-site request forgery.
This vulnerability is listed as CVE-2024-33680. The attack may be performed from remote. There is no available exploit.
vuldb.com
Malicious AI extensions on VSCode Marketplace steal developer data
2 months 2 weeks ago
Two malicious extensions in Microsoft's Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers. [...]
Bill Toulas
CISA Adds Five Vulnerabilities to Known Exploited Vulnerabilities Catalog
2 months 2 weeks ago
CISA Adds Five Vulnerabilities to Known Exploited Vulnerabilities Catalog
Dark Web Informer
NDSS 2025 – WAVEN: WebAssembly Memory Virtualization For Enclaves
2 months 2 weeks ago
Session 10A: Confidential Computing 2
Authors, Creators & Presenters: Weili Wang (Southern University of Science and Technology), Honghan Ji (ByteDance Inc.), Peixuan He (ByteDance Inc.), Yao Zhang (ByteDance Inc.), Ye Wu (ByteDance Inc.), Yinqian Zhang (Southern University of Science and Technology)
PAPER
WAVEN: WebAssembly Memory Virtualization for Enclaves
The advancement of trusted execution environments (TEEs) has enabled the confidential computing paradigm and created new application scenarios for WebAssembly (Wasm). "Wasm+TEE" designs achieve in-enclave multi-tenancy with strong isolation, facilitating concurrent execution of untrusted code instances from multiple users. However, the linear memory model of Wasm lacks efficient cross-module data sharing and fine-grained memory access control, significantly restricting its applications in certain confidential computing scenarios where secure data sharing is essential (e.g., confidential stateful FaaS and data marketplaces). In this paper, we propose WAVEN (WebAssembly Memory Virtualization for ENclaves), a novel WebAssembly memory virtualization scheme, to enable memory sharing among Wasm modules and page-level access control. We implement WAVEN atop WAMR, a popular Wasm runtime for TEEs, and empirically demonstrate its efficiency and effectiveness. To the best of our knowledge, our work represents the first approach that enables cross-module memory sharing with fine-grained memory access control in Wasm.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – WAVEN: WebAssembly Memory Virtualization For Enclaves appeared first on Security Boulevard.
Marc Handelman