Vulnerability Disclosure

Wordfence Blog Vulnerability Disclosure WordPress Apr 10

The Increasing Role of AI in Vulnerability Research

At Wordfence, we run a bug bounty program that pays out mid-six figures per year to researchers in bug bounties for WordPress related vulnerabilities. Fundin...

Wordfence Blog →

Exploit Database Vulnerability Disclosure Apr 10

[local] NetBT e-Fatura - Privilege Escalation

NetBT e-Fatura - Privilege Escalation

T1548

Exploit Database →

Wordfence Blog Vulnerability Disclosure Intel WordPress Apr 9

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)

Last week, there were disclosed in that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Se...

Wordfence Blog →

SentinelOne Blog Vulnerability Disclosure Apr 9

Edge Decay: How a Failing Perimeter Is Fueling Modern Intrusions

Edge devices are prime targets — learn how attackers exploit the perimeter to gain access, persist, and pivot to identity.

SentinelOne Blog →

Exploit Database Vulnerability Disclosure Apr 9

[webapps] React Server 19.2.0 - Remote Code Execution

React Server 19.2.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 9

[webapps] Jumbo Website Manager - Remote Code Execution

Jumbo Website Manager - Remote Code Execution

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 9

[local] ZSH 5.9 - RCE

ZSH 5.

Exploit Database →

Unit 42 Vulnerability Disclosure Amazon Apr 8

Cracks in the Bedrock: Agent God Mode

Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks.

T1548 T1041

Unit 42 →

Infosecurity Magazine Vulnerability Disclosure WordPress Apr 8

Critical Vulnerability in Ninja Forms Exposes WordPress Sites

Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Apache Apr 8

Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years

Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic

Infosecurity Magazine →

Exploit Database Vulnerability Disclosure Apr 8

[webapps] FortiWeb 8.0.2 - Remote Code Execution

FortiWeb 8.0.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 8

[webapps] xibocms 3.3.4 - RCE

xibocms 3.3.

Exploit Database →

Infosecurity Magazine Vulnerability Disclosure Apr 7

GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise

GPUBreach uses GPU Rowhammer on GDDR6 to flip bits, corrupt page tables and escalate to system root

T1548

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Amazon Apr 7

GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration

GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data

T1041

Infosecurity Magazine →

Unit 42 Vulnerability Disclosure Kubernetes Apr 6

Understanding Current Threats to Kubernetes Environments

Unit 42 uncovers escalating Kubernetes attacks, detailing how threat actors exploit identities and critical vulnerabilities to compromise cloud environments....

Unit 42 →

Wordfence Blog Vulnerability Disclosure WordPress Apr 6

50,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in Ninja Forms – File Upload WordPress Plugin

On January 8th, 2026, we received a submission for an Arbitrary File Upload vulnerability in Ninja Forms - File Upload, a WordPress plugin with an estimated ...

T1190

Wordfence Blog →

US-CERT Alerts Vulnerability Disclosure Apr 6

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

Advisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication Apri...

US-CERT Alerts →

Cisco Advisories Vulnerability Disclosure Apple Cisco Apr 2

Cisco IOS XE Software Denial of Service Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected ...

T1498 T1598

Cisco Advisories →

Infosecurity Magazine Vulnerability Disclosure Apple Apr 2

Apple Expands iOS 18 Security Updates Amid DarkSword Threat

iOS/iPadOS 18.7.

T1588

Infosecurity Magazine →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the un...

Cisco Advisories →