Aggregator

A vulnerability classified as problematic has been found in BruteBank Plugin up to 1.8 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2022-4443. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Search & Filter Plugin up to 1.2.15 on WordPress. This vulnerability affects unknown code of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2022-4467. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Easy Bootstrap Shortcode Plugin up to 4.5.4 on WordPress. Affected is an unknown function of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-4576. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Optimize images ALT Text & Names for SEO using AI Plugin up to 2.0.7 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2022-4548. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Login Logout Menu Plugin up to 1.3.x on WordPress. It has been classified as problematic. This affects an unknown part of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-4625. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Simple Shopping Cart Plugin up to 4.6.1 on WordPress. Affected is an unknown function of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-4672. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Rate My Post Plugin up to 3.3.8 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-4673. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

本文介绍利用哥斯拉插件免杀上线msf和cs的方法，涵盖Shellcode Loader和meterpreter插件的使用步骤及测试效果，剖析其原理，总结哥斯拉工具的设计理念和架构优势。

ETW是Windows提供的事件跟踪机制，由提供者、跟踪会话和消费者组成。通过API可注册、查询和控制提供者及事件，如EventRegister、StartTrace等。文章分析了ETW的核心结构（EVENT_DESCRIPTOR）及其成员含义，并探讨了针对ETW的对抗技术，包括移除提供者、修改Properties、Hook EtwEventWrite及会话劫持等方法。同时介绍了内核中EtwTi函

Next.js 中间件鉴权绕过漏洞 (CVE-2025-29927)

通过对现有vaadin反序列化链进行分析，结合tabby代码辅助审计工具，尝试对vaadin中新的反序列化链进行挖掘，并给出利用poc

递归请求5次则可以跳过权限校验

Lawsuits Allege Cybercrime Gang Medusa Stole Data of 132,000 People
An Arizona-based medical imaging practice with locations in 11 states is notifying patients that their data was compromised in a January cyberattack. Litigation filed against the company allege ransomware gang Medusa stole sensitive data pertaining to at least 132,000 people in the incident.

Inside North Korea's IT Scam Network Now Shifting to Europe
North Koreans posing as remote IT workers have spread to Europe, where one Pyongyang fraudster assumed at least 12 personas to target companies in Germany, Portugal and the United Kingdom. Western companies have grappled for years with the prospect of unintentionally hiring a North Korean national.

Integrated Tools Across Generative AI Security, DSPM, DDR Key to Growth Strategy
Cyberhaven is building a data security platform to address evolving risks in generative AI, DSPM and beyond. Backed by $100 million, CEO Howard Ting says the firm will use the funds to expand its portfolio and go-to-market footprint while staying independent.

Chinese Hackers Are Pre-Positioned, and Top Officials Could Be Making Matters Worse
Experts told lawmakers on Wednesday that without urgent federal action to strengthen cyber defenses and additional efforts to improve the cybersecurity practices of some of the highest ranking government officials, another Salt Typhoon attack could be just around the corner.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A vulnerability was found in Ofofonobs HubBank 1.0.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-4310. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in MailerLite Plugin 1.5.0/1.7.6 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-1386. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Where Did You Hear About Us Checkout Field for WooCommerce Plugin up to 1.3.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-2752. The attack can be launched remotely. There is no exploit available.