Lynx
You must login to view this content
Aggregator
Printer Company Offered Malicious Drivers Infected With XRed Malware
11 months 2 weeks ago
In a concerning cybersecurity incident, printer manufacturer Procolored unknowingly distributed malware-infected software for approximately six months, ending in May 2025. The issue came to light when YouTube creator Cameron Coward of the channel Serial Hobbyism attempted to review a $6,000 UV printer and was alerted by his antivirus software to infections on the company-provided USB […]
The post Printer Company Offered Malicious Drivers Infected With XRed Malware appeared first on Cyber Security News.
Tushar Subhra Dutta
【安全圈】“ AI 骗局”升级!FBI 警告:已有美国高官的声音被冒充
11 months 2 weeks ago
关键词AI美国联邦调查局(FBI)周四警告称,一种恶意短信攻击正在针对政府官员及其熟人,黑客正通过人工智能(A
【安全圈】现在全世界都知道我买不起迪奥了
11 months 2 weeks ago
关键词数据泄露Dior 数据泄露风波:隐私危机与应对质疑近期,奢侈品行业巨头路威酩轩(LVMH)旗下的核心品牌
【安全圈】无视任何杀毒软件!世界上第一个 CPU 级勒索病毒:可直接攻击处理器 控制 BIOS
11 months 2 weeks ago
关键词勒索病毒世界上第一个 CPU 级勒索病毒已经出现,但好在并未对外发布。
Guide to Cloud API Security – Preventing Token Abuse
11 months 2 weeks ago
As organizations accelerate cloud adoption, API token abuse has emerged as a critical vulnerability vector. Recent incidents at significant platforms like DocuSign and Heroku exposed systemic risks in token management. A 2025 study reveals 57% of enterprises experienced API-related breaches in the past two years, with 73% facing multiple incidents. This surge highlights the urgent […]
The post Guide to Cloud API Security – Preventing Token Abuse appeared first on Cyber Security News.
CISO Advisory
CVE-2023-1059 | SourceCodester Doctors Appointment System 1.0 Parameter /admin/doctors.php search/id sql injection
11 months 2 weeks ago
A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection.
This vulnerability was named CVE-2023-1059. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2023-7086 | SVG Uploads Support Plugin up to 2.1.1 on WordPress SGV cross site scripting
11 months 2 weeks ago
A vulnerability classified as problematic has been found in SVG Uploads Support Plugin up to 2.1.1 on WordPress. Affected is an unknown function of the component SGV Handler. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2023-7086. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-7088 | Add SVG Support for Media Uploader Plugin up to 1.0.5 on WordPress cross site scripting
11 months 2 weeks ago
A vulnerability was found in Add SVG Support for Media Uploader Plugin up to 1.0.5 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component SVG Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2023-7088. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-6584 | Jetpack Boost Plugin up to 3.4.6 on WordPress wp_ajax_boost_proxy_ig server-side request forgery
11 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Jetpack Boost Plugin up to 3.4.6 on WordPress. This issue affects the function wp_ajax_boost_proxy_ig. The manipulation leads to server-side request forgery.
The identification of this vulnerability is CVE-2024-6584. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-6665 | KBucket Plugin up to 4.1.5 on WordPress yt_apikey cross site scripting
11 months 2 weeks ago
A vulnerability was found in KBucket Plugin up to 4.1.5 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument yt_apikey leads to cross site scripting.
This vulnerability is handled as CVE-2024-6665. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-6798 | DL Verification Plugin up to 1.2 on WordPress Setting cross site scripting
11 months 2 weeks ago
A vulnerability was found in DL Verification Plugin up to 1.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-6798. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-27820 | Apache HttpComponents up to 5.4.2 PSL Validation certificate validation
11 months 2 weeks ago
A vulnerability classified as critical has been found in Apache HttpComponents up to 5.4.2. Affected is an unknown function of the component PSL Validation. The manipulation leads to improper certificate validation.
This vulnerability is traded as CVE-2025-27820. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-2605 | Honeywell MB-Secure/MB-Secure Pro os command injection
11 months 2 weeks ago
A vulnerability was found in Honeywell MB-Secure and MB-Secure Pro. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to os command injection.
This vulnerability is handled as CVE-2025-2605. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-6786 | Payment Gateway for Telcell Plugin up to 2.0.1 on WordPress api_url redirect
11 months 2 weeks ago
A vulnerability classified as problematic was found in Payment Gateway for Telcell Plugin up to 2.0.1 on WordPress. This vulnerability affects unknown code. The manipulation of the argument api_url leads to open redirect.
This vulnerability was named CVE-2023-6786. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-4895 | SourceCodester Doctors Appointment System 1.0 delete-session.php ID sql injection
11 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/delete-session.php. The manipulation of the argument ID leads to sql injection.
The identification of this vulnerability is CVE-2025-4895. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-4894 | calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15 common/crypto.py gen_rsa_keys inadequate encryption (EUVD-2025-15641)
11 months 2 weeks ago
A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength.
This vulnerability was named CVE-2025-4894. The attack can be initiated remotely. There is no exploit available.
This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
vuldb.com
CVE-2025-30386 | Microsoft Office use after free (EUVD-2025-14450 / Nessus ID 236844)
11 months 2 weeks ago
A vulnerability has been found in Microsoft Office and classified as critical. This vulnerability affects unknown code. The manipulation leads to use after free.
This vulnerability was named CVE-2025-30386. The attack can be initiated remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-46727 | Rack up to 2.2.13/3.0.15/3.1.13 Rack::QueryParser resource consumption (GHSA-gjh7-p2fx-99vx / Nessus ID 236870)
11 months 2 weeks ago
A vulnerability was found in Rack up to 2.2.13/3.0.15/3.1.13 and classified as problematic. This issue affects the function Rack::QueryParser. The manipulation leads to resource consumption.
The identification of this vulnerability is CVE-2025-46727. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-32441 | Rack up to 2.2.13 Session Cookie Rack::Session race condition (GHSA-vpfw-47h7-xj4g / Nessus ID 236870)
11 months 2 weeks ago
A vulnerability was found in Rack up to 2.2.13. It has been classified as problematic. Affected is the function Rack::Session of the component Session Cookie Handler. The manipulation leads to race condition.
This vulnerability is traded as CVE-2025-32441. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com