Aggregator

A vulnerability, which was classified as very critical, has been found in Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2007-0466. The attack may be initiated remotely. Furthermore, there is an exploit available.

In recent security research, vulnerabilities in the Kentico Xperience CMS have come to light, highlighting significant risks for users who rely on this Content Management System (CMS). Specifically, two primary issues were identified: an Authentication Bypass vulnerability and a Post-Authentication Remote Code Execution (RCE) vulnerability. These vulnerabilities, collectively forming a powerful exploit chain, allow attackers to gain full control […]

The post Kentico Xperience CMS Vulnerability Enables Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]

A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been classified as critical. This affects an unknown part of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is uniquely identified as CVE-2025-2378. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A critical vulnerability, identified as CVE-2025-24016, has been discovered in the Wazuh Security Information and Event Management (SIEM) platform. This vulnerability affects versions 4.4.0 to 4.9.0 and allows attackers with API access to execute arbitrary Python code remotely, potentially leading to complete system compromise. The flaw stems from the unsafe deserialization of Distributed API (DAPI) […]

The post Wazuh SIEM Vulnerability Enables Remote Malicious Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Immunity Debugger 1.85. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-2401. The attack can be launched remotely. There is no exploit available.

A software programmer developed a way to use brute force to break the encryption of the notorious Akira ransomware using GPU compute power and enabling some victims of the Linux-focused variant of the malware to regain their encrypted data without having to pay a ransom.

The post New Akira Ransomware Decryptor Leans on Nvidia GPU Power appeared first on Security Boulevard.

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a

A vulnerability was found in WP Travel Engine Plugin up to 5.9.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-37944. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Meks Smart Author Widget Plugin up to 1.1.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-37958. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Chris Coyier CodePen Embedded Pens Shortcode Plugin up to 1.0.0 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-37960. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in codoc Plugin up to 0.9.51.12 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-37961. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP Darko Team Members Plugin up to 5.3.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-38670. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in TemeGUM Gum Elementor Addon Plugin up to 1.3.5 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-37565. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Pratik Chaskar Timeline Module for Beaver Builder Plugin up to 1.1.3 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-37919. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Obtain Infotech Multisite Content Copier Updater Plugin up to 1.5.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-38673. The attack can be launched remotely. There is no exploit available.

Информация о 600 миллионах клиентов Taobao утекла в сеть. Что дальше?

This ExecBrief helps organizations understand and address the various cyber risks that can stem from mergers and acquisitions.

The post PinnacleOne ExecBrief | The Hidden Cyber Risks of Mergers & Acquisitions appeared first on SentinelOne.