Aggregator

A vulnerability was found in Links 0.9.2/1.00pre12. It has been classified as critical. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2006-5925. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively exploiting CVE-2025-0108, up from 2 on February 13,” the threat intelligence company shared on Tuesday. “This high-severity flaw allows unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems.” CVE-2025-0108 + CVE-2024-9474 and/or CVE-2025-0111 Palo Alto Networks has updated the … More →

The post Attackers are chaining flaws to breach Palo Alto Networks firewalls appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in berginformatik Cosmic Blocks Content Editor Blocks Collection Plugin up to 1.3.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13674. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in simply4net Widget BUY.BOX Plugin up to 3.1.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13679. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in binnyva Pollin Plugin up to 1.01.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13711. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Pure Chat Plugin up to 2.31 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13736. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in berginformatik Cosmic Blocks Content Editor Blocks Collection Plugin up to 1.3.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13674. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in simply4net Widget BUY.BOX Plugin up to 3.1.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13679. The attack can be launched remotely. There is no exploit available.

欢迎投递简历！

欢迎投递简历！

欢迎投递简历！

欢迎投递简历！

欢迎投递简历！

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞92个，其中高危漏洞44个、中危漏洞38个、低危漏洞10个。

2025年2月19日，深瞳漏洞实验室监测到一则谷歌-Chrome组件存在缓冲区溢出漏洞的信息，漏洞编号：CVE-2025-0999，漏洞威胁等级：高危。

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞92个，其中高危漏洞44个、中危漏洞38个、低危漏洞10个。

2025年2月19日，深瞳漏洞实验室监测到一则谷歌-Chrome组件存在缓冲区溢出漏洞的信息，漏洞编号：CVE-2025-0999，漏洞威胁等级：高危。

A vulnerability was found in debaat Media Category Management Plugin up to 2.3.3 on WordPress. It has been declared as problematic. This vulnerability affects the function wp_mcm_handle_action_settings. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-0865. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.