Aggregator

CVE-2025-2270 | Countdown, Coming Soon, Maintenance Plugin up to 2.8.9.1 on WordPress createCdObj file inclusion

VulDB Recent Entries
4 months 1 week ago
A vulnerability was found in Countdown, Coming Soon, Maintenance Plugin up to 2.8.9.1 on WordPress. It has been rated as critical. Affected by this issue is the function createCdObj. The manipulation leads to file inclusion. This vulnerability is handled as CVE-2025-2270. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-32054 | JetBrains IntelliJ IDEA prior 2024.3/2024.2.4 idea.log log file

VulDB Recent Entries
4 months 1 week ago
A vulnerability was found in JetBrains IntelliJ IDEA. It has been classified as problematic. Affected is an unknown function of the file idea.log. The manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2025-32054. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-31483 | miniflux up to 2.2.6 Content Security Policy /proxy/ cross site scripting (GHSA-cq88-842x-2jhp)

VulDB Recent Entries
4 months 1 week ago
A vulnerability was found in miniflux up to 2.2.6 and classified as problematic. This issue affects some unknown processing of the file /proxy/ of the component Content Security Policy Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-31483. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-31126 | element-hq element-x-ios up to 25.03.7 element.json information disclosure (ID 2441)

VulDB Recent Entries
4 months 1 week ago
A vulnerability has been found in element-hq element-x-ios up to 25.03.7 and classified as problematic. This vulnerability affects unknown code of the file element.json. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-31126. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-31486 | vitejs vite up to 4.5.11/5.4.16/6.0.13/6.1.3/6.2.4 information disclosure

VulDB Recent Entries
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in vitejs vite up to 4.5.11/5.4.16/6.0.13/6.1.3/6.2.4. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-31486. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-31127 | element-hq element-x-android up to 25.03.3 element.json information disclosure (ID 2441)

VulDB Recent Entries
4 months 1 week ago
A vulnerability, which was classified as problematic, has been found in element-hq element-x-android up to 25.03.3. Affected by this issue is some unknown functionality of the file element.json. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-31127. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-47639 | api-platform core up to 3.2.4 JSON information exposure (GHSA-rfw5-cqjj-7v9r)

VulDB Recent Entries
4 months 1 week ago
A vulnerability classified as problematic was found in api-platform core up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component JSON Handler. The manipulation leads to information exposure through error message. This vulnerability is known as CVE-2023-47639. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Cybersecurity Experts Slam Oracle's Handling of Big Breach

DataBreachToday.com
4 months 1 week ago
Technology Giant Accused of Using 'Wordplay' to Previously Deny Breach Reports
Cybersecurity experts have slammed Oracle's handling of a large data breach that it's reportedly confirming to 140,000 affected cloud infrastructure clients - but only verbally, and not in writing - following nearly two weeks of it having denied that any such breach occurred.

Cryptohack Roundup: Q1 Sees Record Hacks

DataBreachToday.com
4 months 1 week ago
Also: SEC Drops Kraken, Consensys and Cumberland DRW Lawsuits
This week, hack stats, Hamas crypto funds seizure, conclusion of Kraken, Consensys and Cumberland DRW lawsuits, Kentucky dropped its Coinbase suit, Trump pardoned BitMex co-founders, Lazarus's new tactics, and Crocodilus malware's crypto targets.

DeepMind Warns of AGI Risk, Calls for Urgent Safety Measures

DataBreachToday.com
4 months 1 week ago
Enthusiasm for AI Development Is Outpacing Discussions on Safety
Google DeepMind executives outlined an approach to artificial general intelligence safety, warning of "severe harm" that can "permanently destroy humanity" if safeguards are not put in place before advanced artificial intelligence systems emerge. AGI could arrive by 2030, they predict.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

Help Net Security
4 months 1 week ago

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability was patched by Ivanti in ICS 22.7R2.6, released on February 11, 2025. But, apparently, the threat actor studied the patch and “uncovered through a complicated process, [that] it was possible to exploit 22.7R2.5 and earlier … More →

The post Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) appeared first on Help Net Security.

Zeljka Zorz

Managed ad