Aggregator

A vulnerability was found in richardgabriel Staff Directory Plugin up to 4.3 on WordPress and classified as problematic. This issue affects the function add_query_arg. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13839. The attack may be initiated remotely. There is no exploit available.

Как Иран «чистит» диссидентов на британской земле.

A vulnerability has been found in heroplugins Hero Mega Menu Plugin up to 1.16.5 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument index leads to cross site scripting. This vulnerability was named CVE-2024-13779. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Chimpstudio WP Real Estate Manager Plugin up to 2.8 on WordPress. This affects an unknown part. The manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2025-1515. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in averta Master Slider Plugin up to 3.10.6 on WordPress. Affected by this vulnerability is the function ms_layer of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13757. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in zipang Point Maker Plugin up to 0.1.6 on WordPress. Affected by this issue is the function point_maker of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-12815. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in heroplugins Hero Slider Plugin up to 1.3.5 on WordPress. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-13809. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in heroplugins Hero Mega Menu Plugin up to 1.16.5 on WordPress. It has been declared as problematic. This vulnerability affects the function hmenu_delete_menu. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-13780. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in averta Master Slider Plugin up to 3.10.6 on WordPress. It has been rated as problematic. This issue affects the function ms_slider of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11731. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in futuredesigngrp WP Online Contract Plugin up to 5.1.4 on WordPress. It has been classified as critical. This affects the function json_import/json_export of the component Setting Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-0954. It is possible to initiate the attack remotely. There is no exploit available.

特朗普网络幕僚团队初步成形

实时人脸伪造技术快速普及，犯罪生态迅猛扩张

A vulnerability was found in Eaton Foreseer Reporting Software up to 1.5.99 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is handled as CVE-2025-22493. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

GuidePoint Security has received reports of multiple organizations receiving ransom letters in the mail

De omgang met technologie is cruciaal voor militaire operaties. Defensie houdt daarom de ontwikkelingen op het gebied van onder andere kunstmatige intelligentie (AI), cloud en quantum goed in de gaten. Deze gaan namelijk razendsnel. Staatssecretaris Gijs Tuinman was de afgelopen dagen in de Verenigde Staten voor een bezoek aan de Amerikaanse techsector. Hij zag met eigen ogen welke nieuwe technologieën mogelijk impact hebben op het werk van de krijgsmacht.

Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that enable enterprises to harness the full potential of AI. With its expertise in open source governance, Sonatype now extends its trusted platform to protect, manage, and optimize AI/ML models across development and deployment. Sonatype provides an end-to-end AI SCA solution, ensuring that enterprises can adopt AI with the same level of safety and productivity as traditional open source. Open source AI/ML adoption is soaring … More →

The post Sonatype AI SCA delivers visibility and control over AI/ML usage appeared first on Help Net Security.

近日，绿盟科技监测到网上披露了Ollama配置不当未授权访问漏洞（CNVD-2025-04094）。目前漏洞细节已披露，且发现在野利用，请相关用户尽快采取措施进行防护。

近日，绿盟科技CERT监测到VMware发布安全公告，修复了VMware ESXi&Workstation&Fusion多个高危漏洞，目前3个漏洞均已发现在野利用，请相关用户尽快采取措施进行防护。

近日，绿盟科技监测到网上披露了Ollama配置不当未授权访问漏洞（CNVD-2025-04094）。目前漏洞细节已披露，且发现在野利用，请相关用户尽快采取措施进行防护。

近日，绿盟科技CERT监测到VMware发布安全公告，修复了VMware ESXi&Workstation&Fusion多个高危漏洞，目前3个漏洞均已发现在野利用，请相关用户尽快采取措施进行防护。