Aggregator

CVE-2025-6040 | Easy Flashcards Plugin up to 0.1 on WordPress Setting ef_settings_submenu cross-site request forgery

Vuldb Updates
2 months ago
A vulnerability was found in Easy Flashcards Plugin up to 0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function ef_settings_submenu of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-6040. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-5589 | StreamWeasels Kick Integration Plugin up to 1.1.3 on WordPress status-classic-offline-text cross site scripting

Vuldb Updates
2 months ago
A vulnerability classified as problematic has been found in StreamWeasels Kick Integration Plugin up to 1.1.3 on WordPress. This affects an unknown part. The manipulation of the argument status-classic-offline-text leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5589. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools

Help Net Security
2 months ago

OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest Kali version comes with new community wallpapers and new versions of the KDE Plasma and GNOME graphical desktop environments. This time around, the Kali Menu is new, as well: it has been reorganized to follow the … More →

The post Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools appeared first on Help Net Security.

Zeljka Zorz

CVE-2004-1924 | Tiki TikiWiki 1.6.1/1.8.1 cross site scripting (EDB-43809 / Nessus ID 14364)

Vuldb Updates
2 months ago
A vulnerability classified as problematic was found in Tiki TikiWiki 1.6.1/1.8.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2004-1924. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-28424 | zenml 0.55.4 cloudpickle_materializer.py load unrestricted upload (EUVD-2024-25521)

Vuldb Updates
2 months ago
A vulnerability was found in zenml 0.55.4. It has been rated as problematic. This issue affects the function load of the file /materializers/cloudpickle_materializer.py. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-28424. The attack can only be done within the local network. There is no exploit available.
vuldb.com

CVE-2024-28401 | TOTOLINK X2000R 1.0.0-B20221212.1452/1.0.0-B20230221.0948.web Wireless Page cross site scripting (EUVD-2024-25498)

Vuldb Updates
2 months ago
A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20221212.1452/1.0.0-B20230221.0948.web. This affects an unknown part of the component Wireless Page. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-28401. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad