Aggregator

Microsoft Windows 11 - Kernel Privilege Escalation

一次真实的现网主机操作系统内存泄漏问题的定位分析过程。

Cross Site Scripting ( XSS ) Vulnerability Payload List

本期周报简介：1、在金融专网安全防护中，如何通过技术手段与合规策略解决以下核心问题？ 2、在安全运营中，如何通过技术与管理手段解决以下痛点，提升效率并降低长期成本？

本期周报简介：1、在金融专网安全防护中，如何通过技术手段与合规策略解决以下核心问题？ 2、在安全运营中，如何通过技术与管理手段解决以下痛点，提升效率并降低长期成本？

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Threat Attack Daily - 21st of April 2025

Currently trending CVE - Hype Score: 11 - An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While ...

Ransomware Attack Update for the 21st of April 2025

A vulnerability has been found in Caseproof Memberpress Plugin up to 1.11.37 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-39407. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in JetTabs Plugin up to 2.2.7 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-39450. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in JetElements for Elementor Plugin up to 2.7.4.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-39448. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in WPAMS Plugin up to 44.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-39392. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in VJInfotech WP Import Export Lite Plugin up to 3.9.27 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-2839. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Booster Plus for WooCommerce Plugin up to 7.2.4 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-39446. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in BruteGuard Plugin up to 0.1.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-39408. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Tax Switch for WooCommerce Plugin up to 1.4.2 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation of the argument class-name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-3814. It is possible to initiate the attack remotely. There is no exploit available.