Security

Tag

#intel

WordPress Social Login And Register 7.6.4 Authentication Bypass

WordPress Social Login and Register plugin versions 7.6.4 and below suffer from an authentication bypass vulnerability.

Packet Storm

Open Source LLM Projects Likely Insecure, Risky to Use

New LLM-based projects typically become successful in a short period of time, but the security posture of these generative AI projects is very low, making them extremely unsafe to use.

Exposed Interfaces in US Federal Networks: A Breach Waiting to Happen

By Waqas. The research mainly aimed at examining VPNs, firewalls, access points, routers, and other remote server management appliances used by top government agencies in the United States. This is a post from HackRead.com.

Cequence Security Adds Generative AI to API Security

Cequence's latest updates to its Unified API Protection platform help organizations reduce the time needed to create API security testing plans.

Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics

Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.

WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference

WordPress LearnDash LMS version 4.6.0 suffers from an insecure direct object reference vulnerability.

Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

As the business environment becomes increasingly connected, organizations’ attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan coverage, among others. Given attack surface sprawl and evolving threats, many organizations are

CVE-2023-3412: Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting — Wordfence Intelligence

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts.

CVE-2023-3411: Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Wordfence Intelligence

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajax_store_save() function. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows

ChatGPT may have already hit its public perception wall, according to a Malwarebytes survey that showed high levels of distrust and concern in the tool's trustworthiness and safety. This post first appeared on Malwarebytes Labs.