Aggregator
CISA issues urgent alert on critical vulnerabilities: Gladinet LFI/RCE flaw and CWP control panel administrator takeover flaw are under active exploitation
3 months 1 week ago
安全客
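Global cyber-espionage group exploits the ZipperDown vulnerability and an Android zero-day to achieve one-click remote code execution and account takeover through email clients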
3 months 1 week ago
安全客
Critical vulnerability in React Native CLI (CVE-2025-11953, CVSS 9.8) lets attackers achieve RCE through an exposed Metro development server
3 months 1 week ago
安全客
Bugcrowd acquires automated testing tool Mayhem to strengthen its application security testing platform
3 months 1 week ago
安全客
New "SleepyDck" malware appears in the Open VSX extension marketplace, allowing attackers to remotely control Windows systems
3 months 1 week ago
安全客
Zero-trust security vendor Zscaler acquires enterprise AI security company SPLX to enhance its Zero Trust Exchange platform
3 months 1 week ago
安全客
CVE-2025-12560 | Blog2Social Plugin up to 8.6.0 on WordPress getFullContent post_url server-side request forgery (EUVD-2025-37976)
3 months 1 week ago
A vulnerability described as critical has been identified in Blog2Social Plugin up to 8.6.0 on WordPress. Affected is the function getFullContent. The manipulation of the argument post_url results in server-side request forgery.
This vulnerability was named CVE-2025-12560. The attack may be performed remotely. There is no available exploit.
vuldb.com
CVE-2025-10691 | Easy Email Subscription Plugin up to 1.3 on WordPress show_editsub_page cross-site request forgery (EUVD-2025-37972)
3 months 1 week ago
A vulnerability marked as problematic has been reported in Easy Email Subscription Plugin up to 1.3 on WordPress. This impacts the function show_editsub_page. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2025-10691. The attack can be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-11271 | Easy Digital Downloads Plugin up to 3.5.2 on WordPress Transaction ID Remote Code Execution (EUVD-2025-37973)
3 months 1 week ago
A vulnerability labeled as critical has been found in Easy Digital Downloads Plugin up to 3.5.2 on WordPress. This affects an unknown function of the component Transaction ID Handler. Executing manipulation can lead to Remote Code Execution.
This vulnerability is handled as CVE-2025-11271. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-12563 | Blog2Social Plugin up to 8.6.0 on WordPress theuploadVideo unrestricted upload (EUVD-2025-37974)
3 months 1 week ago
A vulnerability identified as critical has been detected in Blog2Social Plugin up to 8.6.0 on WordPress. The impacted element is the function theuploadVideo. Performing manipulation results in unrestricted upload.
This vulnerability is known as CVE-2025-12563. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-43990 | Dell Command Monitor 10.9/10.10.0 unnecessary privileges (dsa-2025-414 / EUVD-2025-37943)
3 months 1 week ago
A vulnerability categorized as critical has been discovered in Dell Command Monitor 10.9/10.10.0. The affected element is an unknown function. Such manipulation leads to execution with unnecessary privileges.
This vulnerability is tracked as CVE-2025-43990. The attack must be carried out locally. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-10713 | WSO2 Enterprise Integrator XML Parser xml external entity reference
3 months 1 week ago
A vulnerability was found in WSO2 Enterprise Integrator, API Control Plane, Universal Gateway, Traffic Manager, API Manager, Identity Server, Open Banking IAM, Open Banking AM, Identity Server as Key Manager and org.wso2.carbon.mediation:org.wso2.carbon.localentry. It has been rated as problematic. Impacted is an unknown function of the component XML Parser. This manipulation causes an XML external entity reference.
This vulnerability appears as CVE-2025-10713. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
Is your large model secure? The 360 Large Model Guard detection system gives AI a full "health check"
3 months 1 week ago
安全客
CVE-2025-57244 | OpenKM Community Edition 6.3.12 User Account Creation Interface Name cross site scripting (EUVD-2025-37895)
3 months 1 week ago
A vulnerability was found in OpenKM Community Edition 6.3.12. It has been declared as problematic. This issue affects some unknown processing of the component User Account Creation Interface. The manipulation of the argument Name results in cross-site scripting.
This vulnerability is reported as CVE-2025-57244. The attack can be launched remotely. No exploit exists.
vuldb.com
Windows Cloud Files Mini Filter Driver Vulnerability Exploited to Escalate Privileges
3 months 1 week ago
A privilege escalation flaw in Windows Cloud Files Mini Filter Driver has been discovered, allowing local attackers to bypass file write protections and inject malicious code into system processes. Security researchers have uncovered CVE-2025-55680, a high-severity privilege-escalation vulnerability in the Windows Cloud Files Mini Filter Driver. The flaw exists in the Cloud Files Filter (cldsync.sys) […]
The post Windows Cloud Files Mini Filter Driver Vulnerability Exploited to Escalate Privileges appeared first on Cyber Security News.
Abinaya
CVE-2025-46364 | Dell CloudLink up to 8.1.0 CLI privileges management (dsa-2025-374 / EUVD-2025-37877)
3 months 1 week ago
A vulnerability was found in Dell CloudLink up to 8.1.0. It has been classified as critical. This vulnerability affects unknown code of the component CLI. The manipulation leads to improper privilege management.
This vulnerability is documented as CVE-2025-46364. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-45379 | Dell CloudLink up to 8.1 os command injection (dsa-2025-374 / EUVD-2025-37886)
3 months 1 week ago
A vulnerability was found in Dell CloudLink up to 8.1 and classified as critical. This affects an unknown part. Executing manipulation can lead to OS command injection.
This vulnerability is registered as CVE-2025-45379. The attack requires access to the local network. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-30479 | Dell CloudLink up to 8.1 os command injection (dsa-2025-374 / EUVD-2025-37894)
3 months 1 week ago
A vulnerability has been found in Dell CloudLink up to 8.1 and classified as critical. Affected by this issue is some unknown functionality. Performing manipulation results in OS command injection.
This vulnerability is cataloged as CVE-2025-30479. The attack must originate from the local network. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2025-59716 | ownCloud Guests up to 0.12.4 Mail Address /apps/guests/register/ showPasswordForm observable response discrepancy (EUVD-2025-37881)
3 months 1 week ago
A vulnerability, which was classified as problematic, was found in ownCloud Guests up to 0.12.4. Affected by this vulnerability is the function showPasswordForm of the file /apps/guests/register/ of the component Mail Address Handler. Such manipulation leads to an observable response discrepancy.
This vulnerability is listed as CVE-2025-59716. The attack may be performed remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com