Vulnerability Disclosure

Trail of Bits Vulnerability Disclosure Mar 11

Six mistakes in ERC-4337 smart accounts

Account abstraction transforms fixed “private key can do anything” models into programmable systems that enable batching, recovery and spending limits, and f...

Trail of Bits →

Wordfence Blog Vulnerability Disclosure WordPress Mar 10

400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin

On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active ins...

Wordfence Blog →

Infosecurity Magazine Vulnerability Disclosure Google Mar 10

Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials, Google Cloud Finds

Google Cloud report details a sharp rise in attackers exploiting software vulnerabilities, including React2Shell

Infosecurity Magazine →

Wordfence Blog Vulnerability Disclosure WordPress Mar 9

30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin

On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than ...

T1556

Wordfence Blog →

Cloudflare Blog Vulnerability Disclosure Amazon Cloudflare Mar 9

Active defense: introducing a stateful vulnerability scanner for APIs

Cloudflare’s new Web and API Vulnerability Scanner helps teams proactively find logic flaws. By using AI to build API call graphs, we identify vulnerabilitie...

Cloudflare Blog →

Elastic Security Labs Vulnerability Disclosure Microsoft Mar 6

Patch diff to SYSTEM

Leveraging LLMs and patch diffing, this research details a Use-After-Free vulnerability in Windows DWM, demonstrating a reliable exploit that achieves escala...

Elastic Security Labs →

Wordfence Blog Vulnerability Disclosure Intel WordPress Mar 5

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 23, 2026 to March 1, 2026)

Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...

Wordfence Blog →

Infosecurity Magazine Vulnerability Disclosure Apple Mar 5

Coruna Exploit Kit Targets Older iPhones in Multi-Stage Campaigns

Exploit kit "Coruna" targets iPhones running iOS 13.0 to 17.

T1041 T1588

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Mar 5

Zero-Click FreeScout Bug Enables Remote Code Execution

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

T1190

Infosecurity Magazine →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Management Center Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Softwar...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defen...

T1059 T1598

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IPsec Denial of Service Vulnerability

A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adapt...

T1498

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Adaptive Security Appliance Software Multiple Context Mode SCP Unauthorized File Access Vulnerability

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local a...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability

A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthe...

T1498

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Soft...

T1498

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Management Center and Secure Firewall Threat Defense Software Path Traversal Vulnerability

A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Softwa...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control List Bypass Vulnerability

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an un...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass auth...

T1556

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability

A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software co...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

ClamAV Cascading Style Sheets Image Parsing Error Handling Denial of Service Vulnerability

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) ...

T1498

Cisco Advisories →