X

Vous n'êtes pas connecté

Rubriques :

Maroc Maroc - THECYBERTHRONE.IN - A La Une - 10/12/2024 10:40

WordPress WPForms flaw CVE-2024-11205

A critical vulnerability has been discovered in WordPress plugin WPForms. The flaw allows authenticated attackers with subscriber-level privileges or higher to execute unauthorized refunds of Stripe payments and cancellations of Stripe subscriptions Thr vulnerability tracked as CVE-2024-11205 with a CVSS score of 7.5, stems in the ajax_single_payment_refund() and ajax_single_payment_cancel() functions within the plugin’s SingleActionsHandler class. […]

Articles similaires

Sorry! Image not available at this time

ACF Plugin Flaw Exposes 50,000 WordPress Sites to Admin Takeover

itsecuritynews.info - 07/Feb 15:34

  A critical vulnerability in the Advanced Custom Fields: Extended (ACF Extended) WordPress plugin has exposed around 50,000 sites to potential...

Sorry! Image not available at this time

Critical Fortinet FortiClientEMS flaw allows remote code execution

itsecuritynews.info - 09/Feb 21:34

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent...

Sorry! Image not available at this time

Critical Authentication Bypass in better-auth API Keys Plugin Allows Unauthenticated Account Takeover

itsecuritynews.info - 19/Feb 11:09

A critical authentication bypass vulnerability in the better-auth API keys plugin allows unauthenticated attackers to mint privileged API keys for...

Sorry! Image not available at this time

Critical Authentication Bypass in better-auth API Keys Plugin Allows Unauthenticated Account Takeover

itsecuritynews.info - 19/Feb 11:09

A critical authentication bypass vulnerability in the better-auth API keys plugin allows unauthenticated attackers to mint privileged API keys for...

Sorry! Image not available at this time

Critical SandboxJS Vulnerability Allows Remote Host Takeover – PoC Released

itsecuritynews.info - 11/Feb 17:18

A severe sandbox escape vulnerability has been discovered in the JavaScript library, enabling attackers to execute arbitrary code on host systems. The...

Sorry! Image not available at this time

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

securityaffairs.co - 13/Feb 15:19

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors...

Sorry! Image not available at this time

Grandstream VoIP Phones Vulnerability Grants Attackers Root Privileges

itsecuritynews.info - 13:18

A critical unauthenticated stack-based buffer overflow vulnerability, tracked as CVE-2026-2329, affecting Grandstream GXP1600 series VoIP phones....

Sorry! Image not available at this time

Grandstream VoIP Phones Vulnerability Grants Attackers Root Privileges

itsecuritynews.info - 13:18

A critical unauthenticated stack-based buffer overflow vulnerability, tracked as CVE-2026-2329, affecting Grandstream GXP1600 series VoIP phones....

Sorry! Image not available at this time

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

securityaffairs.co - 19/Feb 11:54

CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S....

Sorry! Image not available at this time

Critical Fortinet FortiClientEMS flaw allows remote code execution

securityaffairs.co - 09/Feb 20:54

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent...

Les derniers communiqués