Aggregator

Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could only be exploited on the Safari browser. The finding highlights the importance of testing for diverse browser behaviors during security assessments. Discovery […]

The post Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2025-58142 | Xen SIM Page null pointer dereference

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in Xen. It has been classified as critical. This vulnerability affects unknown code of the component SIM Page. Performing manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-58142. The attack can only be performed from the local network. There is not any exploit available. It is suggested to install a patch to address this issue.
vuldb.com

CVE-2025-9855 | Enhanced BibliPlug Plugin up to 1.3.8 on WordPress Shortcode bibliplug_authors cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability has been found in Enhanced BibliPlug Plugin up to 1.3.8 on WordPress and classified as problematic. Affected by this issue is the function bibliplug_authors of the component Shortcode Handler. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-9855. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-9633 | LH Signing Plugin up to 2.83 on WordPress Setting plugin_options cross-site request forgery

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in LH Signing Plugin up to 2.83 on WordPress. Affected by this vulnerability is the function plugin_options of the component Setting Handler. The manipulation results in cross-site request forgery. This vulnerability was named CVE-2025-9633. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-8398 | azurecurve BBCode Plugin up to 2.0.4 on WordPress Shortcode url cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in azurecurve BBCode Plugin up to 2.0.4 on WordPress. Affected is the function url of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8398. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-9617 | Publish Approval Plugin up to 1.1 on WordPress Setting publish_save_option cross-site request forgery

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic was found in Publish Approval Plugin up to 1.1 on WordPress. This impacts the function publish_save_option of the component Setting Handler. Executing manipulation can lead to cross-site request forgery. This vulnerability is handled as CVE-2025-9617. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-9620 | SEO Monster Plugin up to 3.3.3 on WordPress Setting check_integration cross-site request forgery

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic has been found in SEO Monster Plugin up to 3.3.3 on WordPress. This affects the function check_integration of the component Setting Handler. Performing manipulation results in cross-site request forgery. This vulnerability is known as CVE-2025-9620. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

AI is everywhere, but scaling it is another story

Help Net Security
9 months 1 week ago

AI is being adopted across industries, but many organizations are hitting the same obstacles, according to Tines. IT leaders say orchestration is the key to scaling AI. They point to governance, visibility, and collaboration as the critical areas executives need to watch. Views on Al and orchestration in the organization (Source: Tines) Companies invest heavily in AI Organizations are pouring resources into AI, yet many initiatives remain isolated or slow-moving. Without a coordinated approach, AI … More →

The post AI is everywhere, but scaling it is another story appeared first on Help Net Security.

Anamarija Pogorelec

CVE-2025-8691 | WP Scriptcase Plugin up to 2.0.0 on WordPress Parameter url cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability marked as problematic has been reported in WP Scriptcase Plugin up to 2.0.0 on WordPress. The affected element is an unknown function of the component Parameter Handler. This manipulation of the argument url causes cross site scripting. This vulnerability appears as CVE-2025-8691. The attack may be initiated remotely. There is no available exploit.
vuldb.com

Managed ad