Aggregator

В AsyncOS нашли идеальную уязвимость для шпионажа.

A vulnerability was found in ZealousWeb User Registration Using Contact Form 7 Plugin up to 2.5 on WordPress. It has been rated as problematic. Affected is the function get_cf7_form_data of the component Setting Handler. This manipulation causes information disclosure. This vulnerability appears as CVE-2025-12825. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Community Events Plugin up to 1.5.6 on WordPress. It has been declared as problematic. This impacts the function ajax_admin_event_approval. The manipulation of the argument eventlist results in missing authorization. This vulnerability is reported as CVE-2025-14029. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Phrase TMS Integration Plugin up to 4.7.5 on WordPress. It has been classified as problematic. This affects the function wp_ajax_delete_log of the component AJAX Endpoint. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-12168. The attack can be initiated remotely. There is not any exploit available.

Black Basta has been active since at least early 2022 and is believed to be responsible for extorting hundreds of companies, hospitals and public institutions worldwide — including Swiss industrial giant ABB and U.S. healthcare provider Ascension — causing hundreds of millions of dollars in estimated damages.

A vulnerability was found in Gutenberg Thim Blocks Plugin up to 1.0.1 on WordPress and classified as critical. The impacted element is an unknown function. Executing a manipulation of the argument iconSVG can lead to path traversal. This vulnerability is registered as CVE-2025-13725. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in Stackideas EasyDiscuss Extension up to 5.0.15 on Joomla and classified as problematic. The affected element is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-21624. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Stackideas EasyDiscuss Extension up to 5.0.15 on Joomla. Impacted is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-21623. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Stackideas EasyDiscuss Extension up to 5.0.15 on Joomla. This issue affects some unknown processing. This manipulation causes unrestricted upload. This vulnerability is tracked as CVE-2026-21625. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in AMD EPYC 9004 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded 7003 Processors and EPYC Embedded 9005 Processors. This vulnerability affects unknown code. The manipulation results in write-what-where condition. This vulnerability is identified as CVE-2025-29943. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Tenda AX1806 1.0.0.1. This affects the function fromSetSysTime. The manipulation of the argument timeZone leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2025-70746. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in Tenda AX1806 1.0.0.1. Affected by this issue is the function sub_4C408. Executing a manipulation of the argument Security can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-71020. The attack may be launched remotely. There is no exploit available.

Verizon has begun sending text messages with instructions on how to redeem a $20 account credit for last week's nationwide wireless outage. [...]

Никаких двигателей, никакого топлива…

A supply chain vulnerability in AWS CodeBuild recently put the entire AWS Console at risk. Learn how Wiz Research found the flaw and how Amazon responded to prevent a global security crisis.

In a scathing opinion, Judge David Carter called the federal government’s demands for unredacted voter data “unprecedented and illegal.”

The post Federal court dismisses Trump DOJ lawsuit seeking California voter data appeared first on CyberScoop.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Проект празднует 25-летие и подписывает контракты с ИИ-компаниями.

A vulnerability marked as critical has been reported in Linux Kernel up to 4.19.256/5.4.211/5.10.139/5.15.63/5.19.5. Affected by this vulnerability is the function storvsc_error_wq of the file kernel/workqueue.c of the component scsi. Performing a manipulation results in deadlock. This vulnerability is cataloged as CVE-2022-49986. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.19.5 and classified as problematic. Affected is the function __md_stop_writes of the component md. The manipulation results in privilege escalation. This vulnerability is known as CVE-2022-49987. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.