Aggregator

A vulnerability classified as problematic has been found in spicethemes Spice Starter Sites Plugin up to 1.2.5 on WordPress. This vulnerability affects unknown code. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2024-44003. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic was found in Wpsoul Greenshift Plugin up to 9.3.7 on WordPress. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2024-44005. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as critical, was found in Maintenance Redirect Plugin up to 2.0.1 on WordPress. The impacted element is an unknown function of the component Maintenance Mode. Executing a manipulation can lead to improper access controls. This vulnerability appears as CVE-2024-45453. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as critical has been discovered in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce Plugin up to 1.9.10 on WordPress. Impacted is an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is tracked as CVE-2024-44048. The attack can be launched remotely. No exploit exists.

A vulnerability labeled as critical has been found in Firsh Justified Image Grid Plugin up to 4.6.1 on WordPress. The impacted element is an unknown function. The manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2024-43989. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Livemesh Addons for Elementor Plugin up to 8.5 on WordPress. It has been classified as problematic. This affects an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-47303. The attack can be initiated remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in TaxoPress Tag Cloud Plugin up to 2.0.3 on WordPress. This issue affects some unknown processing. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2024-43237. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Themepoints Testimonials Plugin up to 3.0.8 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-43959. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Dnesscarkey Use Any Font Plugin up to 6.3.08 on WordPress. It has been classified as problematic. This impacts an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-47305. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in GiveWP Plugin up to 3.15.1 on WordPress. It has been declared as problematic. Affected is an unknown function. The manipulation results in cross-site request forgery. This vulnerability was named CVE-2024-47315. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as problematic has been reported in Stuart Wilson Joy of Text Lite Plugin up to 2.3.1 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is referenced as CVE-2024-47337. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in WPDeveloperr Confetti Fall Animation Plugin up to 1.3.0 on WordPress. It has been rated as problematic. This impacts an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2024-47641. It is possible to initiate the attack remotely. There is no exploit available.

Около 1,5 тысячи мелких провайдеров в Москве и Подмосковье оказались под угрозой закрытия.

研究人员发现，常用的丁腈橡胶和乳胶实验室手套会释放与微塑料相似的硬脂酸盐颗粒，可能会在研究微塑料污染时高估其含量。实验室手套会无意中将颗粒转移到用于分析空气、水等样本的实验室工具上。研究人员建议使用洁净室手套，这种手套释放的颗粒要少得多。硬脂酸盐是一种类肥皂的盐基物质，被添加到一次性手套中，以帮助其在制造过程中轻松与模具分离。由于其化学性质与部分塑料相似，在实验室分析中会难以区分，增加了研究微塑料污染时出现假阳性的风险。

This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls

#数学思维 梯形ABCD，AD∥BC、AE/EB=m/n、AD=a、BC=b、S(ABCD)=S，求S△CDE。 看到有人扯“梯形一半模型”，那个太窄，这个更一般化。

The OpenSSH project released version 10.3 and 10.3p1 on April 2, 2026, addressing a shell injection vulnerability and introducing several security-hardening changes that administrators should review before upgrading. The most notable security fix targets a shell injection vulnerability in the -J (ProxyJump) command-line option. Prior to this release, user and host names passed via -J […]

The post OpenSSH 10.3 Fixes Shell Injection and Multiple SSH Security Issues appeared first on Cyber Security News.

A seemingly routine procurement email has become the entry point for a sophisticated six-stage malware attack targeting industrial suppliers and procurement teams. The campaign, tracked as NKFZ5966PURCHASE, disguises itself as a Boeing Request for Quotation (RFQ) from a person named “Joyce Malave,” luring victims into opening a malicious Word document. Once opened, the file silently […]

The post Hackers Abuse DOCX, RTF, JS, and Python in Stealthy Boeing RFQ Malware Campaign appeared first on Cyber Security News.

OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH implementations that do not support rekeying. Rekeying compatibility removed SSH clients and servers that lack rekeying support will fail when they attempt to interoperate with OpenSSH going forward. The project removed the bug-compatibility code that previously allowed such implementations to keep working. Deployments running non-standard or legacy SSH software should verify rekeying … More →

The post OpenSSH 10.3 patches five security bugs and drops legacy rekeying support appeared first on Help Net Security.

A vulnerability was found in Philips MRI 1.5T and MRI 3T 5.x. It has been rated as problematic. This vulnerability affects unknown code. Performing a manipulation results in incorrect permission assignment. This vulnerability is reported as CVE-2021-26248. The attack requires a local approach. No exploit exists.