Aggregator

A vulnerability was found in Wow-Company Counter Box Plugin up to 2.0.5 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-24715. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WP-FeedStats goodlayers-core Plugin up to 2.1.2 on WordPress. It has been rated as critical. This issue affects some unknown processing of the component SVG Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-12163. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in RSTheme Ultimate Coming Soon & Maintenance Plugin up to 1.0.9 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-24543. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in RSTheme Ultimate Coming Soon & Maintenance Plugin up to 1.0.9 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-24546. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP-FeedStats tourmaster Plugin up to 5.3.4 on WordPress. Affected by this vulnerability is an unknown functionality of the component Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-12400. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. This vulnerability is handled as CVE-2024-12976. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

SilentMoonwalk SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from the control flow....

The post SilentMoonwalk: PoC Implementation of a fully dynamic call stack spoofer appeared first on Penetration Testing Tools.

Currently trending CVE - Hype Score: 4 - billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Currently trending CVE - Hype Score: 5 - Windows OLE Remote Code Execution Vulnerability

Currently trending CVE - Hype Score: 5 - Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.

Currently trending CVE - Hype Score: 1 - A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through ...

Firebase, a versatile platform by Google, powers countless web and mobile applications with its extensive suite of services including real-time databases, authentication, cloud storage, and hosting. Its ubiquity and ease of use make it...

The post agneyastra: Firebase Misconfiguration Detection Toolkit appeared first on Penetration Testing Tools.

A vulnerability was found in Apple macOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component BOM. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-42876. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-5900. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, two GreyNoise tags — Tomcat Manager Brute Force Attempt and Tomcat Manager Login Attempt — registered well above baseline volumes, indicating a deliberate attempt to identify and access exposed Tomcat services at scale.

Explore how learning management systems (LMS) software supports safe online learning, protects employee data, and ensures compliance in…

顺应国产化替代趋势，选用国密算法支持自主可控技术发展。

The identity industry faces its biggest shift yet: machines now outnumber humans 90:1 in digital systems. From AI-powered authentication to passwordless futures, discover the $61.74B transformation reshaping how we think about digital trust and security.

The post Identity’s New Frontier: AI, Machines, and the Future of Digital Trust appeared first on Security Boulevard.

该报告通过实证分析揭示俄罗斯雇佣兵在非洲的战略角色转变及其多维负面影响，为理解地区安全动态、中俄地缘博弈提供了详实的政策参考，其数据与结论对国际社会评估俄罗斯在非洲的行动具有重要价值。

自2018年以来，AI开发者创建了广泛适用的基础模型，这些模型在多种任务上表现出色，但需要大量的计算资源。训练这些模型的费用高昂，并且呈指数级增长，引发了关于“谁来支付这些费用”的讨论。