An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax opera
Description An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. Metrics NVD enrichment efforts reference publicly available information […]
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.
References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There […]
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.
Description Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.
The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (
Current Description The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.
Description The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this,
Description The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the […]
Microsoft OneNote Spoofing Vulnerability
A Decade of NSE 8: Why the Industry’s Highest Technical Bar Still Matters | Fortinet Blog
To mark the 10-year milestone of NSE 8, Fortinet is releasing a new ebook that looks beyond exams and objectives to explore what expert-level mastery really takes. “Becoming a Fortinet NSE 8: Profiling the Journeys of Cybersecurity’s Top Experts” examines the experience, mindset, and real-world skills that define NSE 8 professionals—along with the curiosity, discipline, and passion […]
Why Certification Has Become a Strategic Control for CISOs | CISO Collective
Executive Summary Certifications have moved from background compliance artifacts to a practical control CISOs use to demonstrate how security is designed, governed, and sustained. As regulatory requirements expand and fragment, boards increasingly demand evidence over assurance, while customers and partners expect claims that can be independently verified. Certification provides a common reference point that aligns […]
AI Is Transforming Cybersecurity, but the Skills Gap Still Presents Significant Risk | Fortinet Blog
Artificial intelligence (AI) now sits at the center of modern cybersecurity strategy, accelerating threat detection, enabling automation, and helping security teams manage unprecedented volumes of data. However, AI also accelerates cybercrime by lowering the barrier to entry for attackers and amplifying the scale and sophistication of attacks. The 2025 Global Cybersecurity Skills Gap report clearly captures this […]