Aggregator

A vulnerability was found in WooCommerce Cart Abandonment Recovery Plugin up to 1.2.26 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Email Template Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-2322. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Bookmarks. The manipulation leads to use after free. This vulnerability is known as CVE-2024-3158. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as problematic. Affected is an unknown function of the component V8. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-3159. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AYS Pro Plugins Survey Maker Plugin up to 3.6.3 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-34423. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in

CVE-2025-24813 Tomcat 最新 RCE 分析复现

The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution toward future-ready cryptography. This feature release includes support for post-quantum cryptography (PQC), server-side QUIC, and tighter control over TLS behavior. Default behaviors reworked OpenSSL 3.5.0 makes several potentially incompatible changes to default settings. Notably, the default encryption cipher for the req, cms, and smime command-line utilities has changed from the aging … More →

The post OpenSSL prepares for a quantum future with 3.5.0 release appeared first on Help Net Security.

Index Engines announced CyberSense 8.10, fully integrated with Dell PowerProtect Cyber Recovery, which provides new capabilities to enhance cyber resilience and streamline recovery from ransomware attacks. CyberSense’s highly-trained AI ensures data integrity, empowering organizations to detect corruption from cyber threats and recover with confidence. With more than 1,500 global installations, CyberSense continues to lead the industry in ransomware detection. “As ransomware attacks continue to rise, organizations must ensure they have data integrity to enable fast … More →

The post Index Engines CyberSense 8.10 strengthens AI-driven cyber resilience appeared first on Help Net Security.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote

PCI DSS 4.0 compliance raises the regulatory bar with stricter authentication, continuous monitoring and tighter third-party oversight.

The post PCI DSS 4.0: Time to Pay Up, Securely  appeared first on Security Boulevard.

FT 报道，美国最近几周吊销了逾 500 名外国学生的签证。从事国际教育和交流的大学和个人组成的网络 Nafsa 通过汇总全美高等教育机构的报告，已经发现了 500 起撤销签证的事件。“在许多层面上，这是一个未知领域，”Nafsa 的首席执行官 Fanta Aw 说。“这达到了前所未有的程度，这很令人担忧，因为缺乏清晰性正在引发焦虑。”吊销签证事件通常是在联邦移民记录更新后学校才发现，受影响的包括在校学生和应届毕业生。这些事件中最引人瞩目的一起是土耳其博士生 Rumeysa Ozturk 在街上被联邦特工拘留。已有学生提起诉讼，指控他们的签证未经正当程序被吊销。

A vulnerability was found in Microsoft Office. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-29792. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft SharePoint. This affects an unknown part. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-29793. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft SharePoint. This vulnerability affects unknown code. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-29794. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Word and classified as problematic. This vulnerability affects unknown code. The manipulation leads to untrusted pointer dereference. This vulnerability was named CVE-2025-29816. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Word. It has been classified as critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-29820. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component Active Directory Certificate Services. The manipulation leads to weak authentication. This vulnerability is traded as CVE-2025-27740. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Word. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted pointer dereference. This vulnerability is known as CVE-2025-27747. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows. This vulnerability affects unknown code of the component Win32k. The manipulation leads to use after free. This vulnerability was named CVE-2025-26687. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.