Aggregator

A vulnerability was found in exeebit Disable Auto Updates Plugin up to 1.4 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-13336. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Eclipse OpenVSX up to 0.20.0 and classified as critical. This issue affects some unknown processing of the file /user/namespace/{namespace}/details. The manipulation of the argument name/description/website/support link/social media leads to improper authorization. The identification of this vulnerability is CVE-2025-1007. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in ChurchCRM 5.13.0 and classified as problematic. This vulnerability affects unknown code of the file EditEventAttendees.php. The manipulation of the argument EID leads to cross site scripting. This vulnerability was named CVE-2025-1024. The attack can be initiated remotely. There is no exploit available.

Pangea announced AI Guard and Prompt Guard to secure AI, defending against threats like prompt injection and sensitive information disclosure. Alongside the company’s existing AI Access Control and AI Visibility products, Pangea now offers comprehensive suite of guardrails to secure AI applications. “As companies race to build and deploy AI apps via RAG and agentic frameworks, integrating LLMs with users and sensitive data introduces substantial security risks,” said Oliver Friedrichs, CEO of Pangea. “New attacks … More →

The post Pangea introduces AI guardrails to secure AI applications appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in portfoliohub Portfolio Builder Plugin up to 1.1.7 on WordPress. This affects the function add_video. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-13231. It is possible to initiate the attack remotely. There is no exploit available.

浏览器已从单纯的访问工具演变为数据安全的第一道防线，企业级安全浏览器更是从“可选工具”进化为“数字基建的核心组件”。

浏览器已从单纯的访问工具演变为数据安全的第一道防线，企业级安全浏览器更是从“可选工具”进化为“数字基建的核心组件”。

浏览器已从单纯的访问工具演变为数据安全的第一道防线，企业级安全浏览器更是从“可选工具”进化为“数字基建的核心组件”。

浏览器已从单纯的访问工具演变为数据安全的第一道防线，企业级安全浏览器更是从“可选工具”进化为“数字基建的核心组件”。

浏览器已从单纯的访问工具演变为数据安全的第一道防线，企业级安全浏览器更是从“可选工具”进化为“数字基建的核心组件”。

Oud-defensieminister Frits Bolkestein is 17 februari in Laren overleden, zo maakte zijn familie gisteren bekend. Hij leidde het departement van september 1988 tot november 1989 in het kabinet Lubbers-II. Frits Bolkestein werd 91 jaar.

A vulnerability classified as very critical has been found in RealFlex RealWin 1.06/2.0/2.1. Affected is an unknown function. The manipulation leads to numeric error. This vulnerability is traded as CVE-2011-1564. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Links 0.9.2/1.00pre12. It has been classified as critical. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2006-5925. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively exploiting CVE-2025-0108, up from 2 on February 13,” the threat intelligence company shared on Tuesday. “This high-severity flaw allows unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems.” CVE-2025-0108 + CVE-2024-9474 and/or CVE-2025-0111 Palo Alto Networks has updated the … More →

The post Attackers are chaining flaws to breach Palo Alto Networks firewalls appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in berginformatik Cosmic Blocks Content Editor Blocks Collection Plugin up to 1.3.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13674. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in simply4net Widget BUY.BOX Plugin up to 3.1.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13679. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in binnyva Pollin Plugin up to 1.01.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13711. It is possible to launch the attack remotely. There is no exploit available.