Aggregator

A vulnerability classified as problematic was found in Jobair JB Horizontal Scroller News Ticker Plugin up to 1.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-23830. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Nikos M Top Flash Embed Plugin up to 0.3.4 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-23841. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Strx Magic Floating Sidebar Maker Plugin up to 1.4.1 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-23827. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in librenms up to 24.10.x and classified as problematic. This issue affects some unknown processing of the file /ajax_form.php. The manipulation of the argument descr leads to cross site scripting. The identification of this vulnerability is CVE-2025-23199. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in librenms up to 24.10.x. It has been classified as problematic. Affected is an unknown function of the file ajax_form.php. The manipulation of the argument state leads to cross site scripting. This vulnerability is traded as CVE-2025-23200. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in librenms up to 24.10.x. Affected is an unknown function of the file /addhost. The manipulation of the argument community leads to cross site scripting. This vulnerability is traded as CVE-2025-23201. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： IBM 安全验证目录服务器容器存在两个漏洞，可能允许攻击者获得未经授权的访问权限并执行命令。IBM 已发布安全公告，详细说明了这些漏洞。 公告中提到的两个漏洞是 CVE-2024-49814 和 CVE-2024-51450，影响 IBM 安全验证目录 10.0.0 至 10.0.3 版本。 CVE-2024-49814 是一个本地权限提升漏洞，可能允许经过身份验证的用户获得更高权限，并有可能控制整个系统。该漏洞的 CVSS 基础评分为 7.8，表明其严重性较高。 CVE-2024-51450 是一个远程命令注入漏洞，可能允许攻击者通过发送特制请求在系统上执行任意命令。该漏洞的 CVSS 基础评分为 9.1，表明其严重性为关键级别。 “IBM 安全验证目录可能允许远程经过身份验证的攻击者通过发送特制请求在系统上执行任意命令，”公告中指出。 IBM 强烈建议客户更新到最新版本的软件，以修复这些漏洞。更新包括解决已识别安全缺陷的修复程序，并增强了系统的整体安全性。 使用 IBM 安全验证目录的组织应尽快应用更新，以保护其系统免受潜在攻击。优先考虑漏洞管理并确保及时应用安全更新，对于降低被利用的风险至关重要。   消息来源：Security Online, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

海云安正式宣布完成与DeepSeek（深度求索）的深度技术融合，旗下核心产品开发者智能助手（D10）全面接入D […]

引擎发力，组件风险无所遁形 1.容器镜像扫描引擎 1.1  全球独家情报库，恶意组件、文件风险精准狙 […]

sharem SHAREM is intended to be the ultimate Windows shellcode tool, with support to emulate over 12,000 WinAPIs, virtually all user-mode Windows syscalls, and SHAREM provides numerous new features. SHAREM was released on September...

The post sharem: ultimate Windows shellcode tool appeared first on Penetration Testing Tools.

A vulnerability was found in ProJoom Smart Flash Header up to 3.0.2 on Joomla and classified as critical. Affected by this issue is some unknown functionality of the file views/upload.php. The manipulation of the argument Filename as part of Parameter leads to unrestricted upload. This vulnerability is handled as CVE-2014-1214. The attack may be launched remotely. Furthermore, there is an exploit available.

Process Stomping A variation of ProcessOverwriting to execute shellcode on an executable’s section What is it Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing a shellcode payload on...

The post Process Stomping: execute shellcode on an executable’s section appeared first on Penetration Testing Tools.

PurpleOps PurpleOps is a free, open-source web app to track Purple Team assessments. Create assessments aligned with MITRE ATT&CK, leveraging data from sources like Atomic Red Team and SIGMA. Centralise blue and red team...

The post PurpleOps: open-source self-hosted purple team management web application appeared first on Penetration Testing Tools.

A vulnerability was found in Tom Ewer & Tito Pandu Easy Tweet Embed Plugin up to 1.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-23890. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Common Ninja Compare Ninja Plugin up to 2.1.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-23909. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Rami Yushuvaev Pastebin Plugin up to 1.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-23908. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Massimo Serpilli Incredible Font Awesome Plugin up to 1.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-23927. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WpFreeware WpF Ultimate Carousel Plugin up to 1.0.11 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-23933. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Harun R. Rayhan CC Circle Progress Bar Plugin up to 1.0.0 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-23936. The attack can be initiated remotely. There is no exploit available.