Aggregator

A vulnerability labeled as critical has been found in Equalize Digital Accessibility Checker Plugin up to 1.31.0 on WordPress. Affected by this issue is some unknown functionality. Executing manipulation can lead to missing authorization. This vulnerability appears as CVE-2025-58981. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in recorp Export WP Page to Static HTML CSS Plugin up to 4.1.0 on WordPress. Affected by this vulnerability is an unknown functionality. Performing manipulation results in missing authorization. This vulnerability is reported as CVE-2025-58980. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in Equalize Digital Accessibility Checker Plugin up to 1.31.0 on WordPress. Affected is an unknown function. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-58976. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Adobe Acrobat Reader up to 25.001.20672. It has been rated as critical. This impacts an unknown function of the component File Handler. This manipulation causes use after free. This vulnerability is registered as CVE-2025-54257. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Tenda G3 15.11.0.17. It has been declared as critical. This affects the function dns_forward_rule_store. The manipulation of the argument rules results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2025-57060. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in OctoPrint up to 1.11.2. It has been classified as critical. The impacted element is an unknown function. The manipulation leads to os command injection. This vulnerability is listed as CVE-2025-58180. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Adobe Premiere Pro up to 24.6.5 and classified as critical. The affected element is an unknown function of the component File Handler. Executing manipulation can lead to use after free. This vulnerability is tracked as CVE-2025-54242. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

最薄和最强的 iPhone 同时登场，以及苹果继续用生态硬件讲 AI 故事。

Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.

SaaS supply chain attacks exploit SaaS-to-SaaS connections using stolen OAuth tokens. Get practical steps to reduce your risk and protect business data.

The post How New Supply Chain Attacks Challenge SaaS Security: Lessons from UNC6395, UNC6040, and ShinyHunters appeared first on AppOmni.

The post How New Supply Chain Attacks Challenge SaaS Security: Lessons from UNC6395, UNC6040, and ShinyHunters appeared first on Security Boulevard.

SAP issues 21 new and 4 updated security notes, fixing critical NetWeaver flaws enabling RCE and privilege escalation. SAP this week issued 21 new and four updated security notes as part of the company’s September Patch Day, including four notes that address critical vulnerabilities in NetWeaver. Onapsis Research Labs supported SAP in patching two critical […]

The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year. [...]

Currently trending CVE - Hype Score: 12 - Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.

Wordlists: Yet another collection of wordlists

iOS 漏洞研究倒闭了

The Department of Justice unsealed an indictment against a Ukrainian national alleged to be central to a ransomware campaign affecting hundreds of companies worldwide.  Volodymyr Viktorovych Tymoshchuk, known online as “deadforz,” “Boba,” “msfv,” and “farnetwork,” is accused of developing and deploying ransomware variants Nefilim, LockerGoga, and MegaCortex, all of which have been used in attacks […]

The post U.S. indicts Ukrainian national for hundreds of ransomware attacks using multiple variants appeared first on CyberScoop.

Alleged Sale of Driving School Software Provider Data

While the jury is still out, it's clear that use has skyrocketed and security needs to align.

Trappist-1e может оказаться поворотным моментом в поиске внеземных миров.