Aggregator

CVE-2025-12033 | Simple Banner Plugin up to 3.0.10 on WordPress pro_version_activation_code cross site scripting

3 months 3 weeks ago

A vulnerability was found in Simple Banner Plugin up to 3.0.10 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation of the argument pro_version_activation_code results in cross site scripting. This vulnerability is identified as CVE-2025-12033. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2025-10588 | PixelYourSite Plugin up to 11.1.2 on WordPress Setting adminEnableGdprAjax cross-site request forgery

Vuldb Updates

3 months 3 weeks ago

A vulnerability was found in PixelYourSite Plugin up to 11.1.2 on WordPress. It has been declared as problematic. The affected element is the function adminEnableGdprAjax of the component Setting Handler. Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2025-10588. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2025-10570 | Flexible Refund and Return Order for WooCommerce Plugin save_refund_request authorization

Vuldb Updates

3 months 3 weeks ago

A vulnerability described as problematic has been identified in Flexible Refund and Return Order for WooCommerce Plugin up to 1.0.38 on WordPress. This issue affects the function save_refund_request. Executing manipulation can lead to missing authorization. This vulnerability appears as CVE-2025-10570. The attack may be performed from remote. There is no available exploit.

vuldb.com

神秘象（Mysterious Elephant）APT组织的攻击技术持续演化分析

白泽安全实验室

3 months 3 weeks ago

【人物调研】美国反情报与安全中心主任乔治·斯特里特

情报分析师

3 months 3 weeks ago

2025年9月18日，美国参议院以51票对47票的微弱优势，确认乔治·“韦斯”·斯特里特（George "W

使用在线研究方法调查一个人的人、地点和时间

情报分析师

3 months 3 weeks ago

对于传统的调查记者、新闻讲师和学生来说，在线研究往往是一个挑战。来自网络的信息可能是虚假的、有偏见的、不完整

CVE-2025-11419 | Red Hat KeyCloak TLS Client denial of service (WID-SEC-2025-2224)

Vuldb Updates

3 months 3 weeks ago

A vulnerability classified as problematic has been found in Red Hat KeyCloak. This issue affects some unknown processing of the component TLS Client. This manipulation causes denial of service. The identification of this vulnerability is CVE-2025-11419. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

OpenAI 发布 AI 浏览器 ChatGPT Atlas

Solidot

3 months 3 weeks ago

OpenAI 发布了深度整合其 AI 聊天机器人 ChatGPT 的浏览器 ChatGPT Atlas。该浏览器首先提供了 macOS 版本，未来将推出 Windows、iOS 和 Android 版本。Atlas 标签页和 Google 搜索框一样简洁，其中的一段文本提示用户可以询问 ChatGPT 或输入网址，用户可以在当前页打开侧边框与 ChatGPT 聊天，根据页面上下文提问，可以在草稿窗口使用 ChatGPT 直接编辑 Gmail 草稿而无需在聊天窗口拷贝粘贴。

Qilin

Dark Feed IO

3 months 3 weeks ago

You must login to view this content

cohenido

Qilin

Dark Feed IO

3 months 3 weeks ago

You must login to view this content

cohenido

Нашли "козла отпущения". Инженер, делавший "дыры" в iOS, в панике выключил свой iPhone после уведомления Apple

Securitylab.ru

3 months 3 weeks ago

Рынок шпионского ПО начал пожирать сам себя.

直播预告：2025 TECHWORLD 绿盟科技智慧安全大会

数世咨询

3 months 3 weeks ago

2025 TECHWORLD 绿盟科技智慧安全大会

AI时代来临，CISO重塑企业安全组织，行业迎来新变革

数世咨询

3 months 3 weeks ago

AI就像一位新加入团队的成员，它能让每个人都变得更强，而CISO要做的，就是确保它被正确地引导。

CVE-1999-0913 | Network Security Wizards Dragon-Fire IDS 1.0 dfire.cgi Metacharacter privileges management (EDB-19444 / ID 10212)

Vuldb Updates

3 months 3 weeks ago

A vulnerability, which was classified as critical, has been found in Network Security Wizards Dragon-Fire IDS 1.0. The affected element is an unknown function of the file dfire.cgi. Performing manipulation as part of Metacharacter results in improper privilege management. This vulnerability is reported as CVE-1999-0913. The attack is possible to be carried out remotely. Moreover, an exploit is present. This vulnerability is historically significant due to its background and the way it was received. It is advisable to upgrade the affected component.

vuldb.com

CVE-1999-0922 | Allaire Coldfusion Server 4.0 sourcewindow.cfm Source information disclosure (ASB99-02 / ID 10129)

Vuldb Updates

3 months 3 weeks ago

A vulnerability marked as problematic has been reported in Allaire Coldfusion Server 4.0. Affected by this vulnerability is an unknown functionality of the file sourcewindow.cfm. This manipulation causes information disclosure (Source). The identification of this vulnerability is CVE-1999-0922. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-1999-0920 | University of Washington POP2d/IMAP4 4.4 memory corruption (EDB-19226 / Nessus ID 10130)

Vuldb Updates

3 months 3 weeks ago

A vulnerability categorized as critical has been discovered in University of Washington POP2d and IMAP4 4.4. This vulnerability affects unknown code. Such manipulation leads to memory corruption. This vulnerability is documented as CVE-1999-0920. The attack can be executed remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

vuldb.com

CVE-1999-0911 | ProFTPD/Wu-FTPD/BeroFTPD MKD/CWD Command Nested Directories memory corruption (EDB-19475 / Nessus ID 10190)

Vuldb Updates

3 months 3 weeks ago

A vulnerability was found in ProFTPD, Wu-FTPD and BeroFTPD. It has been rated as critical. Affected is an unknown function of the component MKD/CWD Command. Performing manipulation as part of Nested Directories results in memory corruption. This vulnerability is known as CVE-1999-0911. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-1999-0923 | Allaire Coldfusion Server 4.0 Snippet privileges management (ASB99-02 / ID 10149)

Vuldb Updates

3 months 3 weeks ago

A vulnerability described as critical has been identified in Allaire Coldfusion Server 4.0. Affected by this issue is some unknown functionality of the component Snippet Handler. Such manipulation leads to improper privilege management. This vulnerability is referenced as CVE-1999-0923. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

vuldb.com

Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

3 months 3 weeks ago

On October 6, 2025, the cybercriminal developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums, introducing a sophisticated information-stealing malware that employs direct memory injection to bypass modern browser security protections. This new version represents a complete architectural overhaul, transitioning from C++ to a pure C implementation that allegedly enhances […]

The post Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration

Cyber Security News

3 months 3 weeks ago

A critical authorization bypass vulnerability has emerged in ZYXEL’s ATP and USG series network security appliances, allowing attackers to circumvent two-factor authentication protections and gain unauthorized access to sensitive system configurations. Tracked as CVE-2025-9133, this security flaw affects devices running ZLD firmware version 5.40 and was publicly disclosed on October 21, 2025, following a coordinated […]

The post ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration appeared first on Cyber Security News.

Tushar Subhra Dutta

Aggregator

Managed ad