Aggregator

Submit #619530 / VDB-317222

A few days ago, we reported on the critical zero-day vulnerability CVE-2025-53770 in Microsoft SharePoint Server, an enhanced iteration of the previously identified flaw CVE-2025-49706. At the time, it was known that the issue...

The post SharePoint Under Siege: New Zero-Day (CVE-2025-53770) Actively Compromises 100+ Global Organizations appeared first on Penetration Testing Tools.

Submit #619379 / VDB-317221

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

根据发表在《Nature Human Behaviour》期刊上的一项研究，在不减少收入的情况下，每周工作四天能增进员工工作满意度和身心健康，这得益于工作效率提升、疲劳度降低和睡眠问题减少。这些发现凸显出组织和政策制定者通过重新评估工作时长来改善员工福祉的潜力。为测试四天工作制（不减薪）干预的效果，研究人员开展了为期 6 个月的试验，涉及澳大利亚、加拿大、新西兰、英国、爱尔兰和美国 141 家组织的 2896 名雇员。利用调查数据，他们比较了干预前后的工作和健康相关指标（包括职业倦怠、工作满意度、心理和身体健康）。他们还将结果与另外 12 个没有尝试该措施的公司的 285 名雇员作了比较。结果显示，在采取 4 天工作制以后，平均每周工作时间减少了 5 小时。和继续每周工作 5 天的公司员工相比，每周工作时间减少 8 小时或以上的员工，自我报告倦怠感降低，工作满意度和精神健康改善。同样的效应在每周工作时长减少 1-4 小时和 5-7 小时的员工身上也被观察到，尽管效果相对较小。这些获益可以部分归因于睡眠问题减少、疲劳程度降低，以及个人工作能力提升。

Submit #619364 / VDB-317220

A vulnerability was found in mirror-registry and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to injection. The identification of this vulnerability is CVE-2025-7777. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Rocket.Chat and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-7974. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WP Shortcodes Plugin up to 7.4.2 on WordPress. This affects an unknown part. The manipulation of the argument Image Title/Slide Link leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8015. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Amazon Affiliates Addon for WPBakery Page Builder Plugin up to 1.2 on WordPress. Affected by this issue is some unknown functionality of the component WPBakery Page. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-30631. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in FoodMenu Plugin up to 1.20 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-29014. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Apollo Plugin up to 3.4 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-48168. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Radio Player Shoutcast & Icecast Plugin up to 4.4.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-53205. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Alike Plugin up to 3.0.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-28975. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in WooCommerce Shop Page Builder Plugin up to 2.27.7 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-28999. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in JetTabs Plugin up to 2.2.9 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Configuration Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-53985. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in JetSmartFilters Plugin up to 3.6.7 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Configuration Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-54008. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in JetTricks Plugin up to 1.5.4.1 on WordPress. Affected is an unknown function of the component Configuration Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-53992. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Appointment Booking & Scheduling Plugin up to 5.1.20 on WordPress. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-54040. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in JetPopup Plugin up to 2.0.15 on WordPress. This vulnerability affects unknown code of the component Configuration Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-53993. The attack can be initiated remotely. There is no exploit available.