#vulnerability

WordPress Hash Form plugin version 1.1.0 suffers from a PHP code injection vulnerability.

WordPress GiveWP Donation Fundraising Platform version 3.14.1 suffers from a PHP code injection vulnerability.

ViciDial version 2.0.5 suffers from a cross site request forgery vulnerability.

Vehicle Service Management System version 1.0 suffers from a cross site request forgery vulnerability.

Transport Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Printing Business Records Management System version 1.0 suffers from an ignored default credential vulnerability.

Online Eyewear Shop version 1.0 suffers from an ignored default credential vulnerability.

AVideo version 12.4 suffers from a PHP code injection vulnerability.

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The `org.apache.commons.io.input.XmlStreamReader` class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.