Aggregator

CVE-2024-9450 | Free Booking Plugin for Hotels, Restaurants and Car Rentals Plugin Setting cross-site request forgery

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Free Booking Plugin for Hotels, Restaurants and Car Rentals Plugin up to 1.3.14 on WordPress and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-9450. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-9599 | Popup Box Plugin up to 4.7.7 on WordPress Setting cross site scripting

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Popup Box Plugin up to 4.7.7 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-9599. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-1289 | Plugin Oficial Plugin up to 1.7.3 on WordPress Setting cross site scripting (EUVD-2025-15206)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Plugin Oficial Plugin up to 1.7.3 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-1289. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2024-9645 | pickplugins Post Grid and Gutenberg Blocks Plugin up to 2.2.92 on WordPress cross site scripting (EUVD-2025-15224)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in pickplugins Post Grid and Gutenberg Blocks Plugin up to 2.2.92 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-9645. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2024-8619 | Ajax Search Lite Plugin up to 4.12.1 on WordPress Setting cross site scripting (EUVD-2025-15239)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Ajax Search Lite Plugin up to 4.12.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-8619. The attack can be launched remotely. There is no exploit available.
vuldb.com

Top Cybersecurity Tools for Higher Education: Protecting Institutions

Security Boulevard
3 months 2 weeks ago

Universities have always been places of learning and innovation. Yet, in today’s digital world, they’re also prime targets for cybercriminals. From online learning platforms to student records, from research databases to financial systems, the amount of sensitive data that higher education institutions store has grown exponentially—and so have the risks. Between AI-fueled disruption, rising financial […]

The post Top Cybersecurity Tools for Higher Education: Protecting Institutions appeared first on Centraleyes.

The post Top Cybersecurity Tools for Higher Education: Protecting Institutions appeared first on Security Boulevard.

Rebecca Kappel

CVE-2024-30095 | Microsoft Windows up to Server 2022 23H2 Routing/Remote Access Service heap-based overflow (EUVD-2024-28032)

Vuldb Updates
3 months 2 weeks ago
A vulnerability classified as critical was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-30095. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-3054 | WP User Frontend Pro Plugin up to 4.1.3 on WordPress upload_files unrestricted upload (EUVD-2025-16962)

Vuldb Updates
3 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in WP User Frontend Pro Plugin up to 4.1.3 on WordPress. This issue affects the function upload_files. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2025-3054. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-4332 | PHPGurukul Company Visitor Management System 2.0 /visitor-detail.php editid/remark sql injection (EUVD-2025-13540)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The manipulation of the argument editid/remark leads to sql injection. This vulnerability is handled as CVE-2025-4332. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5683 | Qt up to 6.2.x/6.5.9/6.8.4/6.9.0 ICNS Image File denial of service (EUVD-2025-16968)

Vuldb Updates
3 months 2 weeks ago
A vulnerability classified as problematic was found in Qt up to 6.2.x/6.5.9/6.8.4/6.9.0. Affected by this vulnerability is an unknown functionality of the component ICNS Image File Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-5683. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Outlook Users Targeted by New HTML-Based Phishing Scheme

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 2 weeks ago

A recent phishing campaign has revealed a sophisticated technique that exploits Microsoft Outlook’s unique handling of HTML emails to conceal malicious links from corporate users. The attack, initially appearing as a standard phishing attempt impersonating a Czech bank, leverages conditional HTML comments to display different content depending on the email client used to open the […]

The post Outlook Users Targeted by New HTML-Based Phishing Scheme appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Anupriya

奢侈时尚品牌卡地亚遭遇网络攻击 客户数据被泄露

嘶吼
3 months 2 weeks ago

奢侈时尚品牌卡地亚(Cartier)近期其系统遭遇黑客入侵,致使客户个人信息被泄露。卡地亚在数据泄露通知中表示:“一个未经授权方临时访问了我们的系统,并获得了有限的客户信息。”

据卡地亚称,泄露的信息包括姓名、电子邮件地址和客户所在国家。但该公司强调,此次泄露并不包括更敏感的数据,如密码、信用卡号或银行详细信息。

卡地亚表示,已向执法部门通报了这一事件,并正在与一家外部网络安全公司合作修复这一漏洞。目前这一情况也已得到控制,并进一步加强了对其系统和数据的保护。然而,该公司警告称,被盗数据可能被用于有针对性的攻击,并要求客户对未经请求或可疑的通信保持警惕。

有媒体联系了卡地亚,以了解更多有关违规行为的信息,例如何时发生以及有多少人受到影响,但目前尚未收到回复。

时尚品牌频频遭受网络攻击

在此之前的一个月,其他时尚品牌也发生了类似的安全事件。今年5月,迪奥披露了一起数据泄露事件,此前黑客入侵了其系统,窃取了客户的联系方式、购买历史和偏好。

同样在上个月,阿迪达斯也表示,其第三方服务提供商遭到入侵,导致数据泄露。攻击者访问了联系信息,但没有获得任何付款细节或账户凭据。

上周,由于持续的安全事件,维多利亚的秘密关闭了其网站和一些商店服务。与卡地亚、迪奥和阿迪达斯一样,维密也已与网络安全专家展开了调查。

胡金鱼

Managed ad