Откуда взялись золото, барий и лантан? Физики разбирают Вселенную по молекулам, чтобы ответить
FRIB — лаборатория, где переписывают космос.
Aggregator
Threat Actors Widely Abuse .COM TLD to Host Credential Phishing Website
9 months 1 week ago
The .COM top-level domain continues to dominate the cybercriminal landscape as the primary vehicle for hosting credential phishing websites, maintaining its position as the most extensively abused TLD by threat actors worldwide. Recent intelligence indicates that malicious actors leverage the trusted reputation and widespread recognition of .COM domains to deceive victims into surrendering sensitive login […]
The post Threat Actors Widely Abuse .COM TLD to Host Credential Phishing Website appeared first on Cyber Security News.
Tushar Subhra Dutta
Beware of Fake Chinese E-Commerce Sites Imitating Apple, Wrangler, and Exploiting Payment Services like MasterCard and PayPal
9 months 1 week ago
A sophisticated phishing campaign, initially spotlighted by Mexican journalist Ignacio Gómez Villaseñor, has evolved into a sprawling global threat, as revealed by Silent Push Threat Analysts. What began as a targeted attack on Spanish-language audiences during Mexico’s “Hot Sale 2025” an annual sales event akin to Black Friday has expanded into a massive fake marketplace […]
The post Beware of Fake Chinese E-Commerce Sites Imitating Apple, Wrangler, and Exploiting Payment Services like MasterCard and PayPal appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
CVE-2025-53500 | MassEditRegex Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki cross site scripting (EUVD-2025-19887)
9 months 1 week ago
A vulnerability was found in MassEditRegex Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-53500. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-49846 | wireapp wire-ios up to 3.124.0 canOpenUrl neutralization for logs (EUVD-2025-19895)
9 months 1 week ago
A vulnerability has been found in wireapp wire-ios up to 3.124.0 and classified as problematic. This vulnerability affects the function canOpenUrl. The manipulation leads to improper output neutralization for logs.
This vulnerability was named CVE-2025-49846. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-6926 | CentralAuth Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki improper authentication (EUVD-2025-19884)
9 months 1 week ago
A vulnerability, which was classified as critical, was found in CentralAuth Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki. This affects an unknown part. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2025-6926. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48939 | AmauriC tarteaucitron.js up to 1.21.x special element (EUVD-2025-19885)
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in AmauriC tarteaucitron.js up to 1.21.x. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of special elements.
This vulnerability is handled as CVE-2025-48939. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-45938 | Akeles Out of Office Assistant 4.0.1 on Jira Jira fullName cross site scripting (EUVD-2025-19878)
9 months 1 week ago
A vulnerability classified as problematic was found in Akeles Out of Office Assistant 4.0.1 on Jira. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Jira fullName leads to cross site scripting.
This vulnerability is known as CVE-2025-45938. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-53490 | CampaignEvents Extension up to 1.43.1 on Mediawiki cross site scripting (EUVD-2025-19890)
9 months 1 week ago
A vulnerability classified as problematic has been found in CampaignEvents Extension up to 1.43.1 on Mediawiki. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-53490. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53502 | FeaturedFeeds Extension 1.39.x/1.42.x/1.43.x on Mediawiki cross site scripting (EUVD-2025-19888)
9 months 1 week ago
A vulnerability was found in FeaturedFeeds Extension 1.39.x/1.42.x/1.43.x on Mediawiki. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-53502. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-53489 | GoogleDocs4MW Extension up to 1.42.6/1.43.1 on Mediawiki cross site scripting (EUVD-2025-19889)
9 months 1 week ago
A vulnerability was found in GoogleDocs4MW Extension up to 1.42.6/1.43.1 on Mediawiki. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-53489. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53501 | Scribunto Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki access control (EUVD-2025-19886)
9 months 1 week ago
A vulnerability was found in Scribunto Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki. It has been classified as critical. This affects an unknown part. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2025-53501. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Medusa Blog
9 months 1 week ago
You must login to view this content
cohenido
CVE-2024-4267 | parisneo lollms-webui up to 9.5 open_file command injection
9 months 1 week ago
A vulnerability, which was classified as critical, was found in parisneo lollms-webui up to 9.5. Affected is an unknown function of the component open_file. The manipulation leads to command injection.
This vulnerability is traded as CVE-2024-4267. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-6756 | Ultra Addons for Contact Form 7 Plugin up to 3.5.21 on WordPress Shortcode UACF7_CUSTOM_FIELDS cross site scripting
9 months 1 week ago
A vulnerability classified as problematic has been found in Ultra Addons for Contact Form 7 Plugin up to 3.5.21 on WordPress. This affects the function UACF7_CUSTOM_FIELDS of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-6756. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-49482 | ASR Falcon_Linux/Kestrel/Lapwing_Linux prior 1536 tr069 Module tr069/tr098.c denial of service (EUVD-2025-19621)
9 months 1 week ago
A vulnerability was found in ASR Falcon_Linux, Kestrel and Lapwing_Linux. It has been rated as problematic. This issue affects some unknown processing of the file tr069/tr098.c of the component tr069 Module. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2025-49482. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-6932 | D-Link DCS-7517 up to 2.02.0 Qlync Password Generation /bin/httpd g_F_n_GenPassForQlync hard-coded password (EUVD-2025-19591)
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is uniquely identified as CVE-2025-6932. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-4403 | parisneo lollms-webui up to 9.6 restart_program cross-site request forgery
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in parisneo lollms-webui up to 9.6. Affected by this issue is the function restart_program. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-4403. The attack may be launched remotely. There is no exploit available.
vuldb.com
Clothoff 试图支配深度伪造色情
9 months 1 week ago
根据 Clothoff 告密者披露的信息,该深度伪造色情应用正计划向全球扩张,试图支配深度伪造色情领域。Clothoff 已经收购了至少 10 款类似服务,这些服务每月吸引了数十万到数百万流量。告密者称,Clothoff 年度预算约 350 万美元,它目前的营销方式主要是依靠 Telegram 机器人和 X 频道向可能使用该应用的年轻男性投放广告。Clothoff 大部分营销预算都花在 Telegram 频道、Reddit Sex Sub 和 4chan 上。
Citrix Warns Authentication Failures Following The Update of NetScaler to Fix Auth Vulnerability
9 months 1 week ago
Citrix has issued an urgent advisory warning customers of widespread authentication failures following recent updates to NetScaler builds 14.1.47.46 and 13.1.59.19. The updates, released as part of the company’s ongoing secure-by-design initiative, have inadvertently caused significant disruption to enterprise authentication systems across multiple organizations worldwide. The authentication failures manifest as broken login pages and complete […]
The post Citrix Warns Authentication Failures Following The Update of NetScaler to Fix Auth Vulnerability appeared first on Cyber Security News.
Tushar Subhra Dutta