Aggregator

A vulnerability described as problematic has been identified in Pronamic Google Maps Plugin up to 2.4.1 on WordPress. Impacted is an unknown function. Executing manipulation of the argument Description can lead to cross site scripting. The identification of this vulnerability is CVE-2025-9352. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Video Share VOD Plugin up to 2.7.6 on WordPress. The affected element is the function adminExport. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2025-7812. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in UsersWP Plugin up to 1.2.42 on WordPress and classified as problematic. Affected is the function uwp_profile_header of the component Shortcode Handler. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-9344. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Beaver Builder Plugin up to 2.9.2.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. Executing manipulation of the argument fl_builder can lead to cross site scripting. This vulnerability is registered as CVE-2025-8897. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as very critical, was found in Plex Media Server up to 1.42.0.x. Affected is an unknown function. Such manipulation leads to incorrect resource transfer. This vulnerability is traded as CVE-2025-34158. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Silabs SiSDK up to 2024.6.2. Affected is an unknown function of the component APS Layer. Executing manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2024-6352. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Rezgo Plugin up to 4.15 on WordPress. It has been classified as problematic. The impacted element is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is documented as CVE-2024-53800. The attack can be initiated remotely. There is not any exploit available.

A vulnerability has been found in deerwms deer-wms-2 up to 3.3 and classified as critical. Impacted is an unknown function of the file /system/role/authUser/allocatedList. This manipulation of the argument params[dataScope] causes sql injection. The identification of this vulnerability is CVE-2025-8125. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in tbeu matio 1.5.28. It has been classified as critical. The impacted element is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2025-2338. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in IBM MQ 9.3/9.4. It has been rated as problematic. The impacted element is an unknown function. This manipulation causes improper check for unusual conditions. This vulnerability is tracked as CVE-2024-54175. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Lenovo FileZ Client. It has been declared as critical. This affects an unknown part. Such manipulation leads to improper validation of specified type of input. This vulnerability is documented as CVE-2024-8058. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in IBM Sterling B2B Integrator Standard Edition up to 6.1.2.5/6.2.0.2. The impacted element is an unknown function of the component Web UI. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2024-31914. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in kmfoysal06 SimpleCharm Plugin up to 1.4.3 on WordPress and classified as problematic. The affected element is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2024-56056. It is possible to launch the attack remotely. No exploit is available.

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme to generate illicit revenue for the regime's weapons of mass destruction and ballistic missile programs. "The North Korean regime continues to target American

美国财政部宣布对两名个人和两家实体实施制裁,因其参与朝鲜远程IT工人计划,通过数据盗窃和勒索为朝鲜的武器项目筹集资金。制裁对象包括俄罗斯籍的Andreyev、朝鲜官员Kim Ung Sun,以及中国公司Shenyang Geumpungri和Sinjin Trading Corporation。该计划利用AI伪造专业背景,将朝鲜IT人员嵌入合法企业,窃取敏感数据并进行勒索。