Aggregator

A vulnerability, which was classified as problematic, was found in Django CMS up to 3.11.7/3.11.8/4.1.2/4.1.3. The affected element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11319. The attack can be launched remotely. Moreover, an exploit is present. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Eliz Software Panel up to 2.3.23. Affected is an unknown function. Such manipulation leads to unprotected storage of credentials. This vulnerability is referenced as CVE-2024-5960. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

Two Kenyan documentary filmmakers have come under surveillance by state security services for their work on a film

The post Filmmakers Under Surveillance: How Kenya Used Spyware to Target Dissent appeared first on Penetration Testing Tools.

U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) demanding an investigation into

The post Microsoft Accused of “Gross Negligence” Over Insecure RC4 Protocol appeared first on Penetration Testing Tools.

天文学家使用韦伯太空望远镜（JWST）首次在遥远的矮行星鸟神星（Makemake）上发现甲烷气体。这项成果颠覆了人们以往认为鸟神星只是颗冰封天体的看法，也让它成为继冥王星后，第二颗确认存在稀薄气体的海王星外天体。鸟神星于 2005 年由加州理工学院研究团队发现，半径约 715 公里，比冥王星稍小且更黯淡，绕太阳公转一圈需 305 年。过去的恒星掩星观测显示它没有明显大气，但不排除有稀薄大气存在的可能。红外线数据则揭示矮行星表面的甲烷冰有奇怪的热异常，暗示可能有局部热点并释放气体。研究团队指出，鸟神星是目前发现的海王星外天体中，最大的冰封天体之一，表面以甲烷冰为主。近期由韦伯望远镜的观测结果发现，在甲烷冰地表之上也存在稀薄的甲烷气体层，显示它的内部并非死寂，而是仍在不断变动中。鸟神星可能有一层非常稀薄的大气，类似冥王星。而这些气体也可能来自更短暂的局部地质活动，例如冰火山的羽状喷流或如同彗星般的升华作用。

A new tool called SpamGPT has emerged on underground forums and quickly become a focal point of discussion

The post SpamGPT: The AI Tool Lowering the Bar for Phishing Attacks appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, was found in Matu FTP Server 1.1.3.0. Affected by this vulnerability is an unknown functionality of the component Command Handler. Executing manipulation of the argument PASS can lead to memory corruption. This vulnerability is tracked as CVE-2002-0895. The attack can be launched remotely. Moreover, an exploit is present. The application of restrictive firewalling is recommended.

A vulnerability was found in Intranet-Server LocalWEB2000 2.1.0 Standard Version and classified as critical. This affects an unknown part of the component Access Restriction. The manipulation with the input /./ results in path traversal. This vulnerability is cataloged as CVE-2002-0897. The attack may be launched remotely. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.

In August 2024, SonicWall issued security advisory SNWLID-2024-0015, disclosing an improper access control vulnerability in SSLVPN across Gen5,

The post Akira Ransomware Exploits Unpatched SonicWall Flaws: Are You at Risk? appeared first on Penetration Testing Tools.

A cyber operation against a Philippine military contractor has exposed a newly discovered and highly sophisticated malicious infrastructure,

The post EggStreme Malware: The Stealthy Espionage Framework Targeting Military Contractors appeared first on Penetration Testing Tools.

Experts at Oasis Security have reported a vulnerability in the Cursor code editor that enables arbitrary tasks to

The post Critical Flaw in Cursor Puts Nearly a Million Developers at Risk appeared first on Penetration Testing Tools.

Пентест-платформа AdaptixC2 теперь верно служит чёрным хакерам.

A vulnerability was found in Wireless Tsukamoto WTW-EAGLE App up to 4.4.0 on iOS/Android and classified as critical. Affected is an unknown function. Executing manipulation can lead to improper certificate validation. This vulnerability is registered as CVE-2025-58781. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Contact Form 7 reCAPTCHA Plugin up to 1.2.0 on WordPress and classified as problematic. This impacts an unknown function. Performing manipulation of the argument REQUEST_URI results in cross site scripting. This vulnerability is cataloged as CVE-2025-8280. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in jQuery Colorbox Plugin up to 4.6.3 on WordPress. This affects an unknown function of the component Title Attribute Handler. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-3650. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 18.1.5/18.2.5/18.3.1. The impacted element is an unknown function. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2025-7337. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 18.1.5/18.2.5/18.3.1. The affected element is an unknown function. The manipulation results in exposure of sensitive system information to an unauthorized control sphere. This vulnerability is identified as CVE-2025-6769. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in GitLab Community Edition and Enterprise Edition up to 18.1.5/18.2.5/18.3.1. Impacted is an unknown function. The manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2025-6454. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in GitLab Community Edition and Enterprise Edition up to 18.1.5/18.2.5/18.3.1. This issue affects some unknown processing of the component SAML Response Handler. Executing manipulation can lead to improper validation of specified quantity in input. The identification of this vulnerability is CVE-2025-2256. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in GitLab Community Edition and Enterprise Edition up to 18.1.5/18.2.5/18.3.1. This vulnerability affects unknown code. Performing manipulation results in allocation of resources. This vulnerability was named CVE-2025-1250. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.