Aggregator

A vulnerability has been found in vbout Marketing Automation Plugin up to 1.2.6.8 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-22631. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in totalsoft WooCommerce Pricing Plugin up to 1.0.9 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-22632. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Photo Contest Plugin up to 2.8.1 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13822. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in 10Web Form Maker Plugin up to 1.15.32 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13605. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Logo Slider Plugin up to 4.5.x on WordPress. This affects an unknown part of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12308. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Matt Cromwell Give Plugin up to 2.0.0 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to file and directory information exposure. This vulnerability is handled as CVE-2025-22633. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in IBM i 7.2/7.3/7.4/7.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. This vulnerability is known as CVE-2024-55898. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Ravi & Suma RSV PDF Preview Plugin up to 1.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-51905. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Joan Boluda Embed Documents Shortcode Plugin up to 1.5 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-51904. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Rapid Sort RSV 360 View Plugin up to 1.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-51906. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in codemenschen WP Virtual Room Configurator Plugin up to 1.0.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-51907. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Monarkie Digital Content Solutions audioCase Plugin up to 1.2.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-51909. The attack can be launched remotely. There is no exploit available.

据相关人士透露，在犯罪团伙盘踞的缅甸东部妙瓦底等地，实际控制该地区的少数民族武装势力 22-23 日对电诈窝点集中的多个地区进行搜索，解救了约 3000名外国人。目前正在核实国籍，其中可能有不少中国人。邻国泰国当局认为，身陷电诈窝点的外国人高达约 1 万人，将推动当地多方势力为解救人员继续协作。泰国当局本月全面采取行动，停止向缅甸方面供电。受到压力后的 BGF 等少数民族势力转变态度，开始协助泰国当局。

In today’s fast-paced and interconnected world, compliance and regulatory frameworks are evolving faster than ever. The risk of falling behind on these changes can be severe. Enter horizon scanning—a concept that’s rapidly gaining traction in compliance and regulatory risk management.  Horizon scanning is not a new concept. In fact, horizon scanning has been used for […]

The post The Essential Guide to Horizon Scanning in Compliance and Regulatory Frameworks appeared first on Centraleyes.

The post The Essential Guide to Horizon Scanning in Compliance and Regulatory Frameworks appeared first on Security Boulevard.

A vulnerability has been found in vTiger CRM 6.4.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. This vulnerability was named CVE-2025-1618. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is traded as CVE-2025-1629. Access to the local network is required for this attack to succeed. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

OpenAI 研究员发现即使是最先进的 AI 模型也无法解决大部分它们没见过的编程问题。研究报告发表在预印本平台 arXiv。研究人员利用了一个新开发的基准测试 SWE-Lancer，该测试是基于自由职业网站 Upwork 上的逾 1,400 道软件工程问题，测试针对了三个大模型：OpenAI 的 o1 推理模型和 GPT-4o，以及 Anthropic 的 Claude 3.5 Sonnet。大模型被禁止联网，以免拷贝网上已经发布的类似问题答案。结果显示，Claude 3.5 Sonnet 的表现更出色，然而它的大部分答案也都是错误的。研究人员称，大模型需要提高可靠性才能被信任去完成现实中的编程问题。大模型在处理未知问题上仍然远逊色人类工程师。

A vulnerability was found in PHPMailer 1.72. It has been declared as problematic. Affected by this vulnerability is the function data of the file class.smtp.php. The manipulation leads to infinite loop. This vulnerability is known as CVE-2005-1807. The attack can be launched remotely. Furthermore, there is an exploit available.

Ubiquiti Networks has issued an urgent security advisory addressing five critical vulnerabilities in its UniFi Protect camera ecosystem, including two flaws enabling unauthenticated remote code execution (RCE) attacks.  The vulnerabilities, discovered during the 2025 Pwn2Own Toronto hacking competition and disclosed through Trend Micro’s Zero Day Initiative (ZDI), affect both camera firmware and the management application, […]

The post UniFi Protect Camera Vulnerability Allows Remote Code Execution Attacks appeared first on Cyber Security News.

A vulnerability was found in ClearSwift MAILsweeper 4.0/4.1/4.2/4.3. It has been classified as critical. Affected is an unknown function of the component MIME Version Header Field Handler. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2003-0121. It is possible to launch the attack remotely. Furthermore, there is an exploit available.