Aggregator

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field

Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE

Simple File List WordPress Plugin 4.2.2 - File Upload to RCE

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

保障银行业务连续性和安全性。

Hewlett-Packard Enterprise has issued a critical security advisory concerning a severe vulnerability in Aruba Instant On access points. Embedded credentials have been discovered within the devices, enabling malicious actors to bypass standard authentication and...

The post Critical Flaw (CVE-2025-37103) in Aruba Instant On APs: Hardcoded Credentials Allow Full Admin Takeover – Patch Now! appeared first on Penetration Testing Tools.

Hackers have successfully injected malicious code into popular npm packages by leveraging a phishing campaign against project maintainers. The attackers orchestrated a targeted campaign aimed at developers stewarding key projects and managed to steal...

The post npm Supply Chain Attack Exploited in the Wild – Phishing Steals Maintainer Tokens, Injects Malware into Popular Packages appeared first on Penetration Testing Tools.

SentinelOne shares distinct attack clusters and a detailed timeline of events on an active exploit of the ToolShell 0-day in MS SharePoint.

The post SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers appeared first on SentinelOne.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Threat Attack Daily - 21st of July 2025

Ransomware Attack Update for the 21st of July 2025

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. It has been classified as critical. Affected is an unknown function of the component RTP Packet Handler. The manipulation leads to buffer over-read. This vulnerability is traded as CVE-2025-21427. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Qualcomm Snapdragon Compute FastConnect 7800 up to WSA8832. This affects an unknown part of the component Camera TPG. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-21426. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Technology, Snapdragon Voice & Music, Snapdragon WBC and Snapdragon Wearables. This issue affects some unknown processing of the component RSA Private Key Handler. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-21433. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Qualcomm Snapdragon Auto and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2025-21445. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.