Aggregator

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.9.8. This vulnerability affects the function is_avq of the file virtio_pci_common.c. The manipulation results in null pointer dereference. This vulnerability was named CVE-2024-42134. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

We are extending AI-related insights on Cloudflare Radar with new industry-focused data and a breakdown of bot traffic by purpose, such as training or user action.

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors. "While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and

New York AG Letitia James has sued Zelle’s parent, Early Warning Services, over billions lost to fraud, spotlighting the urgent need for stronger safeguards, consumer protections, and risk quantification in real-time payments.

The post New York Attorney General Sues Zelle Parent Over Fraud Failures, Raising Stakes for Real-Time Payment Security appeared first on Security Boulevard.

Cyberattack on Miljödata disrupted services in over 200 Swedish municipalities, with concerns over stolen sensitive data. A cyberattack on Miljödata, an IT supplier serving 80% of Swedish municipalities, including Skellefteå, Mönsterås and Kalmar, disrupted services in over 200 municipalities and raised concerns of stolen sensitive data. The Swedish Privacy Agency confirmed that it has already received around 70 […]

Хакеры нацелились на 200 муниципалитетов...и пока побеждают.

Cloudflare launches AI Crawl Control (formerly AI Audit) and introduces easily customizable 402 HTTP responses.

With NLWeb, an open project by Microsoft, and Cloudflare AutoRAG, conversational search is now a one-click setup for your website.

Cloudflare now lets websites and bot creators use Web Bot Auth to segment agents from verified bots, making it easier for customers to allow or disallow the many types of user and partner directed.

An inside look at how the Images team compared dichotomous image segmentation models to identify and isolate subjects in an image from the background.

A vulnerability identified as problematic has been detected in ProjectsAndPrograms School Management System 1.0. The impacted element is an unknown function of the file themeSet.php of the component POST Parameter Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-51967. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in PuneethReddyHC ReddyHC Online Shopping System Advanced 1.0. The affected element is an unknown function of the file register.php. The manipulation of the argument f_name results in cross site scripting. This vulnerability is identified as CVE-2025-51971. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been rated as critical. Impacted is an unknown function of the file product.php of the component GET Parameter Handler. The manipulation of the argument GETproduct_id leads to sql injection. This vulnerability is referenced as CVE-2025-51969. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in PuneethReddyHC ReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. This issue affects some unknown processing of the file action.php of the component POST Parameter Handler. Executing manipulation of the argument proId can lead to sql injection. The identification of this vulnerability is CVE-2025-51968. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in PuneethReddyHC ReddyHC Online Shopping System Advanced 1.0. It has been classified as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. Performing manipulation of the argument keyword results in sql injection. This vulnerability was named CVE-2025-51972. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in bPlugins B Slider Plugin up to 1.1.30 on WordPress and classified as problematic. This affects an unknown part. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-54734. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in emarket-design Employee Spotlight Plugin up to 5.1.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes deserialization. This vulnerability is handled as CVE-2025-53583. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in uxper Golo Plugin up to 1.7.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-54724. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, has been found in Jason Theme Blvd Widget Areas Plugin up to 1.3.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-53289. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in bPlugins Tiktok Feed Plugin up to 1.0.21 on WordPress. This impacts an unknown function. Executing manipulation can lead to missing authorization. This vulnerability appears as CVE-2025-54710. The attack may be performed from a remote location. There is no available exploit.