Currently trending CVE - Hype Score: 1 - httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP ...
Currently trending CVE - Hype Score: 3 - The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the ...
Currently trending CVE - Hype Score: 1 - The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output ...
Currently trending CVE - Hype Score: 2 - Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Currently trending CVE - Hype Score: 2 - Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.
This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Currently trending CVE - Hype Score: 2 - The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce ...
Currently trending CVE - Hype Score: 3 - A possible security vulnerability has been identified in Apache Kafka.
By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating its signature, ...
Currently trending CVE - Hype Score: 1 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the ...
A vulnerability marked as critical has been reported in WP All Export Pro Plugin up to 1.7.8 on WordPress. Affected is an unknown function. This manipulation causes code injection.
This vulnerability is tracked as CVE-2022-3394. The attack is only possible within the local network. No exploit exists.
It is suggested to upgrade the affected component.
A vulnerability labeled as critical has been found in BestWebSoft Post to CSV Plugin up to 1.4.0 on WordPress. Affected by this issue is some unknown functionality. Such manipulation of the argument escape leads to csv injection.
This vulnerability is referenced as CVE-2022-3393. The attack needs to be initiated within the local network. No exploit is available.
A vulnerability marked as critical has been reported in WP All Export Pro Plugin up to 1.7.8 on WordPress. This affects an unknown part of the component POST Parameter Handler. Performing a manipulation of the argument cc_sql results in sql injection.
This vulnerability is identified as CVE-2022-3395. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
A vulnerability was found in WP Humans.txt Plugin up to 1.0.6 on WordPress. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. This manipulation causes cross site scripting.
This vulnerability is registered as CVE-2022-3392. Remote exploitation of the attack is possible. No exploit is available.
Japan’s largest taxi operator Nihon Kotsu shut down systems after a malware attack, disrupting dispatch and bookings. Nihon Kotsu, Japan’s largest taxi company, disclosed on July 13, 2026 that its internal systems suffered an unauthorized external access involving malware infection in the early morning hours of Saturday, July 11. The company immediately shut down systems […]
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed.
A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not