Searchenginejournal.com

WP Statistics WordPress Plugin Patches CSRF Vulnerability

The United States Government National Vulnerability Database (NVD) published an advisory about a vulnerability discovered in the WP Statistics WordPress plugin that affects up to 600,000 active ...
Searchenginejournal.com

WordPress Vulnerability In Shortcodes Ultimate Impacts 700,000 Sites

The United States government National Vulnerability Database (NVD) published an advisory about Shortcodes Ultimate WordPress plugin, warning that it was discovered to contain a Cross Site Request ...
Cyber Daily

US cyber agency adds five Known Exploited Vulnerabilities to its KEV catalogue

Cisco IOS, Fortra GoAnywhere, and open source database manager Adminer all make the cut in latest CISA KEV update.
Security Boulevard

How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381

Tenable Research recently discovered that the original patch for a critical vulnerability affecting BentoML could be bypassed ...
CSOonline

MLflow vulnerability enables remote machine learning model theft and poisoning

Patched in the latest version of MLflow, the flaw allows attackers to steal or poison sensitive training data when a developer visits a random website on the internet. This has been a pivotal year for ...
WPRI 12

Xeris Threat Lab Uncovers Metadata Forgery Vulnerability in MCP Servers

Silent metadata manipulation allows malicious MCP Servers to access unauthorized LLM data, exposing a new layer of AI infrastructure risk This isn’t a prompt injection or jailbreak; it’s a silent ...