Aggregator

Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)

Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)

Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload

Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow

Currently trending CVE - Hype Score: 1 - Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 ...

Currently trending CVE - Hype Score: 10 - VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if ...

Currently trending CVE - Hype Score: 10 - This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, ...

Currently trending CVE - Hype Score: 1 - A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to ...

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Threat Attack Daily - 4th of April 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457, a critical vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, to its Known Exploited Vulnerabilities (KEV) Catalog. This stack-based buffer overflow, actively exploited since mid-March 2025, allows remote unauthenticated attackers to achieve remote code execution (RCE), threatening organizations using these VPN and […]

The post CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog appeared first on Cyber Security News.

Ransomware Attack Update for the 4th of April 2025

Microsoft celebrated its 50th anniversary on April 4, 2025, reflecting on its journey since Bill Gates and Paul Allen founded the company in 1975. The milestone event, held at Microsoft’s Redmond, Washington headquarters, blended nostalgia with cutting-edge AI advancements, particularly through its Copilot platform, while highlighting the transformative role of technology in gaming, education, and […]

The post Microsoft Celebrates 50th Anniversary! appeared first on Cyber Security News.

Cybersecurity Wonks Find Fault With Home Office Ransomware Proposals
A collection of British cybersecurity policy wonks poured cold water over a British government proposal to outlaw ransom payments by government agencies and from regulated operators of critical infrastructure. A ban wouldn't likely represent a significant blow to ransomware profits.