Aggregator

A vulnerability classified as problematic was found in Ninja Team Filebird Plugin up to 5.6.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-35166. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Salon Booking System Plugin up to 8.6 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper privilege management. This vulnerability was named CVE-2023-48319. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Ninja Team Filebird Plugin up to 6.3.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-53825. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Ninja Team Filebird Plugin up to 5.1.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2023-25966. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in SalesAgility SuiteCRM 7.12.7. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2022-45186. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in SalesAgility SuiteCRM 7.12.7. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2022-45185. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Matthew Fries MF Gig Calendar Plugin up to 1.2.1 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-33651. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Visualmodo Borderless Plugin up to 1.5.8 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-54211. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file profile.php. The manipulation of the argument Firstname/Last name leads to cross site scripting. This vulnerability is traded as CVE-2024-53481. It is possible to launch the attack remotely. There is no exploit available.

A leaked internal memo dated April 15, 2025, has sent shockwaves through the cybersecurity community, revealing that MITRE’s contract to operate the Common Vulnerabilities and Exposures (CVE) program is set to expire today, April 16, 2025. The letter, reportedly obtained from a reliable source and addressed to CVE Board Members, is signed by Yosry Barsoum, […]

The post MITRE Ends CVE Program Support – Leaked Internal Memo Confirms Departure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Под ударом – безопасность всего интернета.

A vulnerability was found in IBM AIX and VIOS and classified as problematic. Affected by this issue is some unknown functionality of the component perfstat Kernel Extension. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-47102. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in IBM AIX and VIOS. Affected is an unknown function of the component TCP IP Kernel. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-52906. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in SolarWinds Serv-U up to 15.5. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-45712. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. Affected is an unknown function of the component USB. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-3620. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

全球安全专业人员、厂商和政府机构仍可继续依赖CVE项目进行协调一致的漏洞追踪和响应工作。

Growattが提供するCloud portalには、複数の脆弱性が存在します。

For CISOs, mergers and acquisitions (M&A) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that may derail the transaction. Strong due diligence, smart risk planning, and a shared security mindset can help keep deals on track and protect the business. Key cybersecurity risks in M&A 1. Inherited vulnerabilities: Acquiring a company means inheriting its existing cybersecurity weaknesses. If the target company has unresolved … More →

The post When companies merge, so do their cyber threats appeared first on Help Net Security.

National Instrumentsが提供するLabVIEWには、境界外書き込みの脆弱性が存在します。

ABBが提供する複数のM2M Gatewayのコンポーネントには、複数の脆弱性が存在します。