Aggregator

A vulnerability classified as critical was found in Formality Plugin up to 1.5.7 on WordPress. This vulnerability affects unknown code. The manipulation leads to file inclusion. This vulnerability was named CVE-2025-24690. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in User Registration & Membership Plugin up to 4.1.1 on WordPress. This issue affects the function prepare_members_data. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-2563. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Hostiko Plugin up to 30.0 on WordPress. This affects an unknown part. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2025-27015. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GhozyLab Gallery for Social Photo Plugin up to 1.0.0.35 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-26742. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Frappe up to 14.88.x/15.50.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Requests Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-30214. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Frappe up to 14.90.x/15.51.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-30213. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Convivance StandVoice up to 6.2 and classified as critical. This issue affects some unknown processing of the component Authentication Module. The manipulation of the argument GEST_LOGIN leads to sql injection. The identification of this vulnerability is CVE-2024-42533. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Frappe up to 14.88.x/15.50.x and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-30212. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GLPI glpi-inventory-plugin up to 1.4.x. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-27147. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in appsmith up to 1.50. Affected by this issue is some unknown functionality. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is handled as CVE-2024-55604. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Alisa Viejo, United States, 25th March 2025, CyberNewsWire

The post Active Roles Wins 2025 Cybersecurity Excellence Award for Hybrid Active Directory Protection appeared first on Security Boulevard.

Alleged Promotion of Pay2Key Ransomware-as-a-Service (RaaS)

科学家正在开发生物指标(biomarkers)去客观测量疼痛，以解决助长阿片类药物危机并导致女性和少数群体疼痛被持续低估的医学挑战。四个研究小组正在开发四种量化疼痛的技术，他们的方法包括：子宫内膜异位症疼痛的血液检测、通过瞳孔扩张测量神经反应的设备、取样间质液的微针贴片，以及检测汗液中疼痛标记物的可穿戴传感器。华盛顿大学神经科学教授 Adam Kepecs 说，当患者被告知疼痛“完全是他们的想象（all in their head）”，暗示疼痛是想象出来的。但讽刺的是，在某种程度上这句话是正确的，疼痛是存在于大脑中，是一种神经活动，是不可见的，具有独特的个人风格，但仍然是真实存在的。

Author/Presenter: Dean Ford

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – IATC – Blood in the Water: Preparing For the Feeding Frenzy appeared first on Security Boulevard.

Learn how Akamai's award-winning sales leadership development program transforms sales managers into impactful coaches, driving growth and performance.

#XXE-XML-RSS #cPickle反序列化 #git-leak权限提升

Тест на общий интеллект ставит искусственный разум на место.