Aggregator

A vulnerability classified as problematic has been found in wpcrunch gAppointments Plugin up to 1.14.1 on WordPress. Affected by this issue is some unknown functionality. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-49951. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability described as problematic has been identified in useStrict bbPress Notify Plugin up to 2.19.4 on WordPress. Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-49962. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in Cynob IT Consultancy Auto Login After Registration Plugin up to 1.0.0 on WordPress. Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-49946. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as problematic has been found in CrocoBlock JetEngine Plugin up to 3.7.3 on WordPress. This impacts an unknown function. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-49938. The attack may be launched remotely. There is no exploit available.

TP-Link warns of critical flaws in Omada gateways across ER, G, and FR models. Users should update firmware immediately to stay secure. TP-Link is warning users of critical flaws impacting its Omada gateway devices. The Taiwanese company published two security advisories this week, outlining four vulnerabilities that impacts more than a dozen products across the […]

NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.

Britain’s security agencies are grappling with the most “contested and complex” threat environment in decades, one of the country’s most senior spies warned.

Как инженеры снизили сопротивление на 22 % и довели возможности состава до 450 км/ч.

On October 15, 2025, a major network infrastructure provider disclosed a sophisticated cybersecurity incident in which a nation-state threat actor maintained long-term, unauthorized access to internal systems. During the intrusion, the attackers exfiltrated portions of the company’s flagship network and application...

These Domains Have Been Seized