Aggregator

CVE-2025-47577 | TemplateInvaders TI WooCommerce Wishlist Plugin up to 2.9.2 on WordPress unrestricted upload (EUVD-2025-15805)

1 month 4 weeks ago

A vulnerability classified as critical was found in TemplateInvaders TI WooCommerce Wishlist Plugin up to 2.9.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-47577. The attack can be launched remotely. There is no exploit available.

vuldb.com

Lumma Infostealers Developers Trying Hard To Conduct Business As Usual

Cyber Security News

1 month 4 weeks ago

In the high-stakes world of cybercrime, few tools have garnered as much attention as Lumma Infostealer. Emerging as a powerful malware-as-a-service (MaaS) offering, Lumma achieved notoriety for its wide-reaching impact on both individuals and enterprises. Its main function is to harvest sensitive information—ranging from browser credentials to cryptocurrency wallet data—making it a favored weapon not […]

The post Lumma Infostealers Developers Trying Hard To Conduct Business As Usual appeared first on Cyber Security News.

Tushar Subhra Dutta

#Infosec2025: Know Your Audience to Make an Impact, CISOs Tell Their Peers

Information Security Magazine

1 month 4 weeks ago

A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscape

CVE-2005-1033 | Devellion CubeCart 2.0.6 Error Message index.php Product information disclosure (EDB-25355 / Nessus ID 17999)

Vuldb Updates

1 month 4 weeks ago

A vulnerability has been found in Devellion CubeCart 2.0.6 and classified as problematic. This vulnerability affects unknown code of the file index.php of the component Error Message Handler. The manipulation of the argument Product leads to information disclosure. This vulnerability was named CVE-2005-1033. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

vuldb.com

How to build a robust Windows service to block malware and ransomware

Bleeping Computer.

1 month 4 weeks ago

Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. [...]

Designing a Windows Service for Security

Bleeping Computer.

1 month 4 weeks ago

Nearly 94 Billion Stolen Cookies Found on Dark Web

Hack Read

1 month 4 weeks ago

Cybersecurity experts warn of widespread data exposure as a recent investigation reveals a staggering number of internet cookies…

Deeba Ahmed

CVE-2023-42576 | Samsung Samsung Pass 4.0.06.1 improper authentication (EUVD-2023-47009)

Vuldb Updates

1 month 4 weeks ago

A vulnerability classified as problematic was found in Samsung Samsung Pass 4.0.06.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is known as CVE-2023-42576. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Cellebrite to acquire mobile testing firm Corellium in $200 million deal

CyberScoop

1 month 4 weeks ago

Both companies have faced controversy in recent years, primarily for their work in circumventing mobile device security features

The post Cellebrite to acquire mobile testing firm Corellium in $200 million deal appeared first on CyberScoop.

Greg Otto

Adobe 发布 Android 版 Photoshop，目前免费测试

Solidot

1 month 4 weeks ago

Adobe 发布了 Android 版 Photoshop，目前还是 Beta，但用户可以免费试用。这是 Adobe 第三次尝试将其著名图像编辑软件移植到手机上，这一次移植在功能上要更完整，比之前的 Photoshop Express 或 Photoshop Touch 强大得多。除了传统的图像编辑功能外，它还提供了一系列生成式 AI 功能，用户可通过文本提示选择对象或背景、移除对象以及插入新内容。Photoshop(Beta)的硬件要求是至少 6GB 内存，最好 8GB 内存，600MB 存储空间，以及运行的 Android 版本是至少是 Android 11。

All about that baseline: Detecting anomalies with Surveyor

The Red Canary Blog: Information Security Insights

1 month 4 weeks ago

The Surveyor open source tool can help organizations establish a baseline of their environment, verify activity, and investigate anomalies.

Tre Wilkins

CVE-2023-45050 | Automattic Jetpack Plugin up to 12.8-a.1 on WordPress Block Attribute cross site scripting (EUVD-2023-49371)

Vuldb Updates

1 month 4 weeks ago

A vulnerability was found in Automattic Jetpack Plugin up to 12.8-a.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Block Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-45050. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2023-41128 | Iqonic Design WP Roadmap Plugin up to 1.0.8 on WordPress cross site scripting (EUVD-2023-45647)

Vuldb Updates

1 month 4 weeks ago

A vulnerability, which was classified as problematic, was found in Iqonic Design WP Roadmap Plugin up to 1.0.8 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-41128. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2025-27445 | rsjoomla RSFirewall Component up to 3.1.5 on Joomla path traversal (EUVD-2025-16991)

Vuldb Updates

1 month 4 weeks ago

A vulnerability has been found in rsjoomla RSFirewall Component up to 3.1.5 on Joomla and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal: '.../...//'. This vulnerability is known as CVE-2025-27445. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-27753 | rsjoomla RSMediaGallery Component up to 2.1.6 on Joomla sql injection (EUVD-2025-16990)

Vuldb Updates

1 month 4 weeks ago

A vulnerability was found in rsjoomla RSMediaGallery Component up to 2.1.6 on Joomla and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-27753. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2023-49076 | Pimcore customer-data-framework up to 4.0.4 cross-site request forgery (EUVD-2023-53095)

Vuldb Updates

1 month 4 weeks ago

A vulnerability classified as problematic was found in Pimcore customer-data-framework up to 4.0.4. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2023-49076. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2023-48329 | CodeBard Fast Custom Social Share by Plugin up to 1.1.1 on WordPress cross site scripting (EUVD-2023-52385)

Vuldb Updates

1 month 4 weeks ago

A vulnerability, which was classified as problematic, was found in CodeBard Fast Custom Social Share by Plugin up to 1.1.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-48329. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com