Aggregator

A vulnerability was found in Audio Comments Plugin up to 1.0.4 on WordPress. It has been classified as problematic. Affected is an unknown function of the file audio-comments/audior-settings.php of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-4189. It is possible to launch the attack remotely. There is no exploit available.

How did a $400 million data breach happen at Coinbase? It wasn't a tech failure—it was a human one. Learn how social engineering exploited trust and what it means for cybersecurity.

The post The Coinbase Data Breach: A Breakdown of What Went Wrong appeared first on Security Boulevard.

A vulnerability classified as problematic was found in Logo Slider Plugin up to 3.7.0 on WordPress. This vulnerability affects the function save_shortcode_pref of the component Shortcode Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-9233. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Kyle Phillips Nested Pages Plugin up to 3.2.8 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8759. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Blubrry PowerPress Podcasting Plugin up to 11.9.17 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9227. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in RegistrationMagic Plugin 4.6.0.0/5.0.1.6/5.0.1.7/5.0.1.9/5.0.2.2 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9390. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Salon Booking System Plugin up to 10.9.3 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-9882. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Team Plugin up to 4.4.1 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-9236. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Backup Database Plugin up to 4.9 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-8702. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Ays Pro Quiz Maker Plugin 6.5.0.6 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-8617. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Maspik Plugin up to 2.1.2 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-9182. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Urban Base Z-Downloads Plugin up to 1.11.5 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-8703. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in AVIF Uploader Plugin up to 1.1.0 on WordPress. Affected by this issue is some unknown functionality of the component SVG File Parser. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-9238. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

NASA 工程师成功重启了旅行者1号的备用推进器，这些备用推进器自 2004 年以来就没有使用，一度被认为已经失效。控制旅行者1号方向的主推进器由于堆积了大量残留物而性能下降，如果主推进器失效，飞船将无法将天线指向地球，将会切断与地球近 50 年的通信。与此同时负责发送指令的地面天线将于 5 月 4 日之后下线数个月进行升级，及时干预将变得不可能。因此 NASA 在三月份尝试切换到备用推进器对其至关重要。旅行者1号与地球之间的通信延迟长达 23 小时。JPL 任务推进负责人 Todd Barber 称这是一个奇迹，旅行者1号获救了。

Authors/Presenters: Roei Sherman, Adi inov

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – GroundFloor – Adversaries Also Lift & Shift: Cloud Threats Through The Eyes Of An Adversary appeared first on Security Boulevard.

Маршруты уходят в прошлое, пока никто не забыл, где они лежали.

A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Affected is an unknown function of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument drivername leads to sql injection. This vulnerability is traded as CVE-2025-4917. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The identification of this vulnerability is CVE-2025-4916. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/auto-taxi-entry-detail.php. The manipulation of the argument price leads to sql injection. This vulnerability was named CVE-2025-4915. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4914. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.