Computer Weekly

Cross-site scripting a top vulnerability, hackers find

Cross-site scripting (XSS) is the most commonly exploited vulnerability, according to HackerOne, currently the largest platform aimed at connecting organisations with a community of white hat hackers ...
SecurityWeek

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities

MITRE has released the 2025 CWE Top 25 most dangerous software vulnerabilities list, which includes three new buffer overflow ...
Searchenginejournal.com

WordPress SiteOrigin Widgets Bundle Plugin Vulnerability Affects +600,000 Sites

The SiteOrigins Widgets plugin, with +600,000 active installations, provides a way to easily add a multitude of widget functions like sliders, carousels, maps, change the way blog posts are displayed, ...
Searchenginejournal.com

WordPress Vulnerability Update

WordPress announced an update that fixes seventeen bug fixes and seven vulnerabilities. WordPress is automatically updating sites to WordPress 5.4.1. It is important to check that your WordPress ...
Bleeping Computer

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA and NOAA. Although 90 days ...
Bleeping Computer

CISA urges software devs to weed out XSS vulnerabilities

CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping. The two federal ...