Aggregator

黑客“Satanic”声称通过第三方集成导致WooCommerce数据泄露，440万用户记录被出售。

2024全球僵尸网络威胁态势深度洞察

看雪论坛作者ID：BitWarden

A vulnerability has been found in Eclime 1.1.2b and classified as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument Country leads to sql injection. This vulnerability was named CVE-2010-4851. The attack can be initiated remotely. Furthermore, there is an exploit available.

基于DruidDataSourceFactory的一些jdbcAttack。基于BeanFactory。。。。。

Cybersecurity researchers have identified a significant spike in exploitation attempts targeting TVT NVMS9000 digital video recorders (DVRs), with activity surging to three times normal levels in early April 2025. This new campaign appears to be linked to the infamous Mirai botnet, which continues to evolve by incorporating new vulnerabilities into its arsenal of attack vectors. […]

The post New Mirai Botnet Exploiting TVT DVRs To Gain Administrative Control appeared first on Cyber Security News.

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as 'Superstar,' faced consequences such as arrests, house searches, arrest warrants or 'knock and talks,'" Europol said in a

История андроида, который хотел, чтобы от него отстали… Но вынужден спасать мир.

在一次项目中遇到某java开源系统，遂对其进行漏洞挖掘。

A vulnerability classified as problematic has been found in Siemens Mendix Runtime 10.16.0. Affected is an unknown function. The manipulation leads to observable response discrepancy. This vulnerability is traded as CVE-2025-30280. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in detheme DethemeKit for Elementor Plugin up to 2.1.10 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-32260. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Woocommerce Advanced Product Organizer – Dynamic Sorting & Reordering Plugin up to 1.9 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-32236. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in themefusecom Brizy Plugin up to 2.6.14 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-32198. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in FooBox Image Lightbox Plugin up to 2.7.33 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-32139. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in vcita Contact Form Builder Plugin up to 4.10.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-32199. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Swatchly Plugin 1.2.8/1.4.0 on WordPress. Affected is an unknown function of the component Options Update Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-2719. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Embedder Plugin 1.3/1.3.5 on WordPress. Affected by this vulnerability is the function ajax_set_global_option. The manipulation leads to improper authorization. This vulnerability is known as CVE-2025-3417. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in ORDER POST Plugin up to 2.0.2 on WordPress. Affected by this issue is the function do_shortcode of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-2805. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in azurecurve Shortcodes in Comments Plugin up to 2.0.2 on WordPress. This affects the function do_shortcode of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2025-2809. It is possible to initiate the attack remotely. There is no exploit available.