Aggregator

A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipulation of the argument ip6addr with the input <img/src/onerror=prompt(8)> leads to cross site scripting. This vulnerability is handled as CVE-2025-2191. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Обновленная программа Google VRP стала новой золотой жилой для белых хакеров.

Apache Tomcat, a widely used open-source web server software, has faced numerous security vulnerabilities in recent years. Some critical issues put servers at risk of remote code execution (RCE) and other attacks. These vulnerabilities highlight the importance of keeping software up-to-date and properly configured to prevent potential exploits. Detailed Vulnerabilities: Below is a formatted table […]

The post Apache Tomcat Flaw Could Allow RCE Attacks on Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic was found in frazahmed ProductDyno Plugin up to 1.0.24 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument res leads to cross site scripting. This vulnerability is known as CVE-2024-13413. The attack can be launched remotely. There is no exploit available.

Submit #511700 / VDB-299216

A sophisticated malware toolkit known as Ragnar Loader has been identified as a critical component in targeted ransomware attacks. The loader, also known as Sardonic Backdoor, serves as the primary infiltration mechanism for the Monstrous Mantis ransomware group, formerly known as Ragnar Locker, which has been attacking organizations since its emergence in 2020. Security researchers […]

The post Ragnar Loader Employed By Multiple Ransomware Groups To Evade Detection appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in bPlugins Countdown Timer Plugin up to 1.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13864. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in S3Bubble Media Streaming Plugin up to 8.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13862. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in SEO Tools Plugin up to 4.0.7 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13853. The attack can be initiated remotely. There is no exploit available.

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. "Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their

惠普释出了一个有问题的新版本固件，结果导致自家的墨盒都无法使用。惠普是在 3 月 4 日为其 LaserJet MFP M232-M237 打印机释出了版本号为 20250209 的新固件，更新说明是“安全更新”、“监管要求更新”、“一般改进和 bug 修复”以及 IPP Everywhere 修复。但此后惠普的客户在支持论坛上报告使用惠普品牌墨盒出现问题，他们在打印时返回了错误码 Error Code 11，设备上的碳粉指示灯闪烁。惠普发言人在一份公开声明中表示，他们知道固件影响了少数 HP LaserJet 200 设备，正在寻找解决方案。暂时不清楚有多少设备受到影响。这不是第一次惠普因为固件更新破坏了客户的打印机。

A vulnerability was found in WP Login Control Plugin up to 2.0.0 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13836. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Social Share Buttons, Social Sharing Icons, Click to Tweet Plugin up to 1.3.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13615. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Coronavirus Notice Message Plugin up to 1.1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-0629. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in XV Random Quotes Plugin up to 1.40 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-13580. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in XV Random Quotes Plugin up to 1.40 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13574. The attack may be initiated remotely. There is no exploit available.

漏洞研究与漏洞利用技术

漏洞研究与漏洞利用技术

漏洞研究与漏洞利用技术

漏洞研究与漏洞利用技术