Aggregator

A vulnerability identified as critical has been detected in MSP360 Free Backup. This affects an unknown part. Performing manipulation results in link following. This vulnerability was named CVE-2025-12838. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in AcademySoftwareFoundation OpenEXR. Affected by this issue is some unknown functionality of the component EXR File Parser. Such manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-12495. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

The Tor Project has released a fresh update for its privacy-focused web browser. Tor Browser 15.0.1 is now available and addresses several high-risk security issues that could have compromised users’ privacy. This update is recommended for all users who want to stay secure on the internet and keep their information private. You can download Tor […]

The post Tor Browser 15.0.1 Update Patches Several High-Risk Security Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Easy Email Subscription Plugin up to 1.3 on WordPress. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation of the argument Name causes cross site scripting. This vulnerability is handled as CVE-2025-11994. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in MembershipWorks Plugin up to 6.14 on WordPress. It has been declared as problematic. Affected is an unknown function of the component Setting Handler. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-12018. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Specific Content for Mobile Plugin up to 0.5.5 on WordPress. It has been classified as critical. This impacts the function eos_scfm_duplicate_post_as_draft. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-11454. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WP Import Plugin up to 7.33 on WordPress and classified as problematic. This affects the function showsetting of the component Setting Handler. Executing manipulation can lead to missing authorization. This vulnerability appears as CVE-2025-12732. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in Alt Text Generator AI Plugin up to 1.8.3 on WordPress and classified as critical. The impacted element is the function atgai_delete_api_key. Performing manipulation results in missing authorization. This vulnerability is reported as CVE-2025-12113. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in Payment Plugins Braintree for WooCommerce Plugin up to 3.2.78 on WordPress. The affected element is an unknown function of the file wc-braintree/v1/3ds/vaulted_nonce of the component REST API Endpoint. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-12903. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in Booking Calendar Plugin up to 2.5.0 on WordPress. Impacted is an unknown function of the file /wp-json/bookit/v1/commerce/stripe/return of the component REST API Endpoint. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-12633. Remote exploitation of the attack is possible. No exploit is available.

11月22日，京麒线下闭门沙龙，扫码参与报名，名额有限！

In this Help Net Security interview, Paul J. Mocarski, VP & CISO at Sammons Financial Group, discusses how insurance carriers are adapting their cybersecurity strategies. He explains how ongoing threat assessments, AI-driven automation, and third-party risk management help maintain readiness. Mocarski also shares how collaboration, integration, and disciplined response are shaping the industry’s defense against next-generation attacks. When you conduct ongoing threat assessments, what signals or patterns are you paying closest attention to, and how … More →

The post When every day is threat assessment day appeared first on Help Net Security.

A vulnerability classified as critical was found in Apache OpenOffice up to 4.1.15. This issue affects some unknown processing of the component INI File Handler. The manipulation results in improper authorization. This vulnerability is cataloged as CVE-2025-64407. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Apache OpenOffice up to 4.1.15. This vulnerability affects unknown code of the component Document Handler. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2025-64406. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Apache OpenOffice. This affects an unknown part of the component DDE Handler. Executing manipulation can lead to improper authorization. This vulnerability is tracked as CVE-2025-64405. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Apache OpenOffice up to 4.1.15. Affected by this issue is some unknown functionality of the component Bullet Image Handler. Performing manipulation results in improper authorization. This vulnerability is identified as CVE-2025-64404. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Apache OpenOffice up to 4.1.15. Affected by this vulnerability is an unknown functionality of the component Calc Spreadsheet Handler. Such manipulation leads to improper authorization. This vulnerability is referenced as CVE-2025-64403. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

开源项目大部分情况下是志愿者维护的，公开源代码通常也意味着欢迎用户报告 Bug 和递交需求，开发者一般也会根据自己的时间而做出合理回应。但开发者也是普通人，他们的热情也会随着时间的推移而消退，而在 AI 时代，bug 报告比以往任何时候都容易，结果是志愿开发者们被淹没在各种 Bug 报告中，严重消耗他们的热情和精力。著名的开源多媒体框架 FFmpeg 项目收到了来自 Google AI 工具报告的 bug，涉及解码 1995 年游戏《Rebel Assault 2》使用的编解码器，这种极其罕见的 bug 可能除了 AI 人类根本不可能发现，此事引发了广泛争议：一家市值数万亿美元的公司让志愿者去修复它发现的 bug，这是极其不合理的。FFmpeg 项目将此类 bug 报告称之为“CVE 垃圾（CVE slop）”，认为 Google 要么直接提供资金资助项目要么停止报告此类报告。FFmpeg 不是唯一遭遇此类问题的开源项目。

A vulnerability identified as critical has been detected in Apache OpenOffice up to 4.1.15. Affected is an unknown function of the component OLE Object Handler. This manipulation causes improper authorization. The identification of this vulnerability is CVE-2025-64402. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.