Aggregator

A vulnerability classified as problematic was found in Advanced Reorder Image Text Slider Plugin up to 1.0 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-4188. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Alink Tap Plugin up to 1.3.1 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-4198. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Subpage List Plugin up to 1.3.3 on WordPress. It has been declared as problematic. This vulnerability affects the function subpages of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-4168. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Personizely Plugin up to 0.10 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument widgetId leads to cross site scripting. The identification of this vulnerability is CVE-2025-3779. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Xavins Review Ratings Plugin up to 1.4.0 on WordPress. It has been classified as problematic. This affects the function xrr of the component shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-4170. It is possible to initiate the attack remotely. There is no exploit available.

Submit #562295 / VDB-307193

A vulnerability was found in Job Listings Plugin 0.1/0.1.1 on WordPress and classified as critical. Affected by this issue is the function register_action. The manipulation of the argument user_role leads to Remote Code Execution. This vulnerability is handled as CVE-2025-3918. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Profelis Informatics SambaBox up to 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-2488. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Profelis Informatics SambaBox up to 5.0. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2025-2421. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #562291 / VDB-307192

A vulnerability, which was classified as problematic, has been found in Yordam Informatics Library Automation System up to 21.5. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-1301. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

苹果大部分产品是在中国组装的，随着特朗普政府对中国征收超过 100% 的关税，继续将中国组装的苹果产品销往美国在经济上不太可行。苹果如何应对这一关税挑战？苹果表示，截至 6 月 30 日的二季度其销往美国的大部分产品将由印度和越南组装。苹果 CEO 库克(Tim Cook)表示，如果现有关税政策保持不变，二季度关税的影响将使苹果成本增加 9 亿美元，他预计未来几个季度的成本可能会更高。库克称一季度的关税影响有限。他表示苹果将继续推动供应链多元化，减少对中国的依赖。“我们学到的教训是，将所有产品集中在一个地方风险太大。”

Ireland's Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China. "TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "

A vulnerability was found in Google Chrome. It has been rated as critical. Affected by this issue is some unknown functionality of the component File API. The manipulation leads to use after free. This vulnerability is handled as CVE-2021-4057. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Microsoft Edge. Affected is an unknown function of the component V8. The manipulation leads to use after free. This vulnerability is traded as CVE-2021-4102. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox, Firefox ESR and Thunderbird. Affected by this issue is some unknown functionality of the component Cursor Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is handled as CVE-2021-43546. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Opmantek Open-AudIT Community up to 4.2.x. This affects an unknown part of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2021-44916. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection regulations. [...]

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability
• CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Path Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.