Aggregator
Red Hat security advisory (AV25-041)
7 months 3 weeks ago
Canadian Centre for Cyber Security
CVE-2025-24584 | BdThemes Ultimate Store Kit Elementor Addons Plugin up to 2.3.0 on WordPress authorization
7 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in BdThemes Ultimate Store Kit Elementor Addons Plugin up to 2.3.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization.
This vulnerability is handled as CVE-2025-24584. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-24612 | Morkva Shipping for Nova Poshta Plugin up to 1.19.6 on WordPress sql injection
7 months 3 weeks ago
A vulnerability classified as critical was found in Morkva Shipping for Nova Poshta Plugin up to 1.19.6 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection.
This vulnerability is known as CVE-2025-24612. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-23457 | Clodeo Shipdeo Plugin up to 1.2.8 on WordPress cross site scripting
7 months 3 weeks ago
A vulnerability classified as problematic has been found in Clodeo Shipdeo Plugin up to 1.2.8 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-23457. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-24664 | Eniture Technology LTL Freight Quotes Plugin up to 5.0.20 on WordPress sql injection
7 months 3 weeks ago
A vulnerability was found in Eniture Technology LTL Freight Quotes Plugin up to 5.0.20 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection.
The identification of this vulnerability is CVE-2025-24664. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-24685 | Morkva UA Shipping Plugin up to 1.0.18 on WordPress path traversal
7 months 3 weeks ago
A vulnerability was found in Morkva UA Shipping Plugin up to 1.0.18 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to path traversal: '.../...//'.
This vulnerability was named CVE-2025-24685. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-22513 | Simple Locator Plugin up to 2.0.4 on WordPress cross site scripting
7 months 3 weeks ago
A vulnerability was found in Simple Locator Plugin up to 2.0.4 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-22513. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-23792 | WP Busters Passwordless Plugin up to 1.1.6 on WordPress cross site scripting
7 months 3 weeks ago
A vulnerability was found in WP Busters Passwordless Plugin up to 1.1.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2025-23792. The attack may be launched remotely. There is no exploit available.
vuldb.com
Multiple Git flaws led to credentials compromise
7 months 3 weeks ago
Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials. Security researcher RyotaK from GMO Flatt Security Inc discovered multiple vulnerabilities in the Git credential retrieval protocol that could have allowed threat actors to access user credentials. The vulnerabilities stem from the improper handling of messages in Git’s credential […]
Pierluigi Paganini
CVE-2025-24533 | MetaSlider Responsive Slider Plugin up to 3.92.0 on WordPress cross-site request forgery
7 months 3 weeks ago
A vulnerability has been found in MetaSlider Responsive Slider Plugin up to 3.92.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is known as CVE-2025-24533. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-24754 | Houzez Plugin up to 3.4.0 on WordPress authorization
7 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Houzez Plugin up to 3.4.0 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2025-24754. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-24601 | ThimPress FundPress Plugin up to 2.0.6 on WordPress deserialization
7 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in ThimPress FundPress Plugin up to 2.0.6 on WordPress. This issue affects some unknown processing. The manipulation leads to deserialization.
The identification of this vulnerability is CVE-2025-24601. The attack may be initiated remotely. There is no exploit available.
vuldb.com
Ubuntu security advisory (AV25-040)
7 months 3 weeks ago
Canadian Centre for Cyber Security
CVE-2025-0753 | Axiomatic Bento4 up to 1.6.0 mp42aac ReadPartial heap-based overflow
7 months 3 weeks ago
A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow.
This vulnerability was named CVE-2025-0753. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-0751 | Axiomatic Bento4 up to 1.6.0 mp42aac AP4_BitReader::ReadBits heap-based overflow
7 months 3 weeks ago
A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow.
This vulnerability is uniquely identified as CVE-2025-0751. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
The psychology behind Onlyfans' success
7 months 3 weeks ago
Before becoming the largest shareholder of Onlyfans, Leonid Radvinsky founded the adult site MyFreeCams.com; in the early 2010s MyFreeCams was the largest platform that let adult performers earn income through live video streaming. Performers had two ways to make money: tips in group chat rooms, and one-on-one private shows. A private show cost roughly 3 US dollars per minute, while tips could reach as much as 20 US dollars per minute. As with in-app purchases in mobile games, 80% of the tips came from a handful of "whale" users. Beyond making the performer happy, these men paid in order to make the performer happy in front of other men. It was a competitive system. Onlyfans, however, does not let whale users compete with one another, so why has it become the most successful adult site today, with more than 200 million users and millions of adult performers? One adult performer and social analyst argues that Onlyfans made adult performance more personalized and isolated male users from each other: a single performer can serve thousands of users at once, and the agencies behind performers provide cheap replication. The agencies take over the tedious work, delivering a girl's personal-seeming, emotional communication to a crowd of men. The performer first sets a low subscription fee, say 5 US dollars a month, to filter out men unwilling to pay. The agency then sells additional content by contacting users directly. Agencies say that a high subscription fee does not bring more revenue; a 5-dollar monthly fee is the most balanced price, attracting enough men, and pricing too high or too low both fail, while directly sold content is the main source of revenue. Under agency operation, an adult performer may never log into her Onlyfans account; the agency takes roughly 50% of the revenue, Onlyfans takes 20%, and about 20% remains. The most successful Onlyfans performers all have an agency behind them.
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
7 months 3 weeks ago
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials.
"Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws
The Hacker News
Submit #483326: bento Bento4 v1.6.0 Buffer Overflow [Accepted]
7 months 3 weeks ago
Submit #483326 / VDB-293518
Zhang Yaoliang
Submit #483315: bento4.com Bento4 v1.6.0 Buffer Overflow [Accepted]
7 months 3 weeks ago
Submit #483315 / VDB-293517
Zhang Yaoliang