Aggregator

A vulnerability, which was classified as problematic, was found in ReyCommerce Rey Core Plugin up to 3.1.8 on WordPress. Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-64220. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in VillaTheme Email Template Customizer for WooCommerce Plugin up to 1.2.17 on WordPress. Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-64200. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as problematic was found in Allegro Marketing hpb SEO Plugin up to 3.0.1 on WordPress. This impacts an unknown function. The manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2025-60075. The attack can be launched remotely. No exploit exists.

A vulnerability classified as problematic has been found in Keras up to 3.11.x. This affects the function get_vocabulary. The manipulation leads to deserialization. This vulnerability is documented as CVE-2025-12058. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Strategy11 Business Directory Plugin up to 6.4.18 on WordPress. The impacted element is an unknown function. Executing manipulation can lead to missing authorization. This vulnerability is registered as CVE-2025-64219. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as critical has been reported in StylemixThemes MasterStudy LMS Pro Plugin up to 4.7.16 on WordPress. The affected element is an unknown function. Performing manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-64212. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in StylemixThemes Masterstudy Elementor Widgets Plugin up to 1.2.4 on WordPress. Impacted is an unknown function. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2025-64211. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as critical has been detected in StylemixThemes Masterstudy Elementor Widgets Plugin up to 1.2.4 on WordPress. This issue affects some unknown processing. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-64210. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in WpEstate wpresidence Plugin up to 5.3.2 on WordPress. This vulnerability affects unknown code. The manipulation results in missing authorization. This vulnerability is identified as CVE-2025-64199. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in solwin Blog Designer Pro Plugin up to 3.4.8 on WordPress. It has been rated as critical. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is referenced as CVE-2025-58711. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in GitLab Enterprise Edition up to 18.3.4/18.4.2/18.5.0. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Project Handler. Executing manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2025-11702. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ThemeSphere SmartMag Plugin up to 10.3.0 on WordPress. It has been classified as critical. Affected by this vulnerability is an unknown functionality. Performing manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability was named CVE-2025-64216. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in ThimPress Eduma Plugin up to 5.7.6 on WordPress and classified as critical. Affected is an unknown function. Such manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is uniquely identified as CVE-2025-64195. The attack can be launched remotely. No exploit exists.

Хакеры активно копят данные для расшифровки в будущем.

A threat actor has claimed responsibility for breaching HSBC USA, alleging possession of a vast database containing sensitive customer personal identifiable information (PII) and financial details. The hacker posted screenshots and data samples on a dark web leak forum, asserting the breach involved coordinated efforts to extract records from the bank’s systems. This incident, reported […]

The post Hackers Allegedly Claim Breach Of HSBC USA Customers’ Records Including Financial Details appeared first on Cyber Security News.

独家解读国内首个融合国家级智库理论框架与大规模实战验证的数据智能体评测体系。

Socure unveiled an expanded RiskOS AI Suite of solutions featuring six breakthrough AI agents and assistants that substantially elevate the speed, intelligence, and precision of enterprise identity, compliance, and authentication operations. The investments Socure is making in AI position RiskOS as the new benchmark and standard for identity and risk decisioning. Arriving less than eight months after Socure’s acquisition of Effectiv and the General Availability release of RiskOS, the new RiskOS AI Suite signifies the … More →

The post Socure enhances RiskOS AI Suite with AI agents to transform identity, compliance, and risk decisioning appeared first on Help Net Security.

一站式满足企业知识沉淀、AI融合、安全合规的专属智能体落地需求。

360积极响应，为筑牢国家安全屏障贡献力量

种下一颗 不让世界变坏的念头