Aggregator

CVE-2025-4973 | Workreap Plugin up to 3.3.1 on WordPress workreap_verify_user_account improper authentication (EUVD-2025-18159)

VulDB Recent Entries
3 months 1 week ago
A vulnerability, which was classified as critical, was found in Workreap Plugin up to 3.3.1 on WordPress. This affects the function workreap_verify_user_account. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-4973. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-5012 | Workreap Plugin up to 3.3.2 on WordPress workreap_temp_upload_to_media unrestricted upload (EUVD-2025-18160)

VulDB Recent Entries
3 months 1 week ago
A vulnerability, which was classified as critical, has been found in Workreap Plugin up to 3.3.2 on WordPress. Affected by this issue is the function workreap_temp_upload_to_media. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-5012. The attack may be launched remotely. There is no exploit available.
vuldb.com

Linux Malware Authors Targeting Cloud Environments with ELF Binaries

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 1 week ago

Unit 42, Palo Alto Networks’ threat intelligence division, has recently conducted investigations that have revealed a worrying trend: threat actors are increasingly creating and modifying Linux Executable and Linkable Format (ELF) malware to attack cloud infrastructure. With cloud adoption skyrocketing and Linux-based systems underpinning the vast majority of cloud workloads estimates suggest between 70% and […]

The post Linux Malware Authors Targeting Cloud Environments with ELF Binaries appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kaaviya

Qilin

Dark Feed IO
3 months 1 week ago

You must login to view this content

cohenido

Qilin

Dark Feed IO
3 months 1 week ago

You must login to view this content

cohenido

Qilin

Dark Feed IO
3 months 1 week ago

You must login to view this content

cohenido

CVE-2025-5687 | Mozilla VPN up to 2.27.x on macOS Local Privilege Escalation (EUVD-2025-18102)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Mozilla VPN up to 2.27.x on macOS. It has been classified as critical. This affects an unknown part. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2025-5687. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-4246 | GiveWP Plugin up to 2.33.3 on WordPress Plugin Installation cross-site request forgery (EUVD-2023-54117)

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in GiveWP Plugin up to 2.33.3 on WordPress. This issue affects some unknown processing of the component Plugin Installation Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2023-4246. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-0163 | IBM Security Verify Access up to 10.0.8 observable response discrepancy (EUVD-2025-18121)

Vuldb Updates
3 months 1 week ago
A vulnerability classified as problematic has been found in IBM Security Verify Access and Security Verify Access Docker up to 10.0.8. This affects an unknown part. The manipulation leads to observable response discrepancy. This vulnerability is uniquely identified as CVE-2025-0163. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-3473 | IBM Security Guardium 12.1 insecure inherited permissions (EUVD-2025-18122)

Vuldb Updates
3 months 1 week ago
A vulnerability has been found in IBM Security Guardium 12.1 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to insecure inherited permissions. This vulnerability is known as CVE-2025-3473. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-0922 | Tenda AC10U 15.03.06.49_multi_TDE01 formQuickIndex PPPOEPassword stack-based overflow (EUVD-2024-16703)

Vuldb Updates
3 months 1 week ago
A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-0922. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

The Hackers News
3 months 1 week ago
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. "Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads," ReliaQuest said in a report
The Hacker News

Infostealer crackdown: Operation Secure takes down 20,000 malicious IPs and domains

Help Net Security
3 months 1 week ago

More than 20,000 malicious IP addresses and domains used by information-stealing malware were taken down during an international cybercrime crackdown led by INTERPOL. Called Operation Secure, the effort ran from January to April 2025 and involved law enforcement from 26 countries. Teams tracked down servers, mapped physical networks, and carried out targeted takedowns. Law enforcement seizing equipment (Source: INTERPOL) Before the operation began, INTERPOL worked with cybersecurity companies Group-IB, Kaspersky, and Trend Micro to create … More →

The post Infostealer crackdown: Operation Secure takes down 20,000 malicious IPs and domains appeared first on Help Net Security.

Help Net Security

CVE-2025-46905 | Adobe Experience Manager up to 6.5.22 cross site scripting (apsb25-48 / Nessus ID 238053)

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as problematic, was found in Adobe Experience Manager up to 6.5.22. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-46905. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-46907 | Adobe Experience Manager up to 6.5.22 cross site scripting (apsb25-48 / Nessus ID 238053)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Adobe Experience Manager up to 6.5.22 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-46907. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad