Searchenginejournal.com

WP Statistics WordPress Plugin Patches CSRF Vulnerability

The United States Government National Vulnerability Database (NVD) published an advisory about a vulnerability discovered in the WP Statistics WordPress plugin that affects up to 600,000 active ...
Searchenginejournal.com

Inspiro WordPress Theme Vulnerability Affects Over 70,000 Sites

A vulnerability advisory was published for the Inspiro WordPress theme by WPZoom. The vulnerability arises due to a missing or incorrect security validation that enables an unauthenticated attacker to ...
SecurityWeek

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability

Microsoft has patched CVE-2025-55315, a critical vulnerability in the ASP.NET Core open source web development framework.
The Hacker News

Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets

CISA adds five exploited vulnerabilities, including Oracle, Microsoft, Kentico, and Apple flaws, requiring fixes by Nov 10, ...

Microsoft fixes highest-severity ASP.NET Core flaw ever

Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ...
The Register on MSN

Microsoft kills 9.9-rated ASP.NET Core bug – 'our highest ever' score

Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has ...
CSOonline

MLflow vulnerability enables remote machine learning model theft and poisoning

Patched in the latest version of MLflow, the flaw allows attackers to steal or poison sensitive training data when a developer visits a random website on the internet. This has been a pivotal year for ...
WPRI 12

Xeris Threat Lab Uncovers Metadata Forgery Vulnerability in MCP Servers

Silent metadata manipulation allows malicious MCP Servers to access unauthorized LLM data, exposing a new layer of AI infrastructure risk This isn’t a prompt injection or jailbreak; it’s a silent ...