Aggregator

A vulnerability has been found in Last.fm Recent Album Artwork Plugin up to 1.0.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lastfm_albums_artwork.php of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-7684. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Intl DateTime Calendar Plugin up to 1.0.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument Date leads to cross site scripting. This vulnerability is documented as CVE-2025-8293. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in weichuncai WP伪春菜 Plugin up to 1.5 on WordPress. It has been classified as problematic. This affects an unknown part of the file sm-options.php of the component Setting Handler. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2025-7686. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic was found in Anber Elementor Addon Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is an unknown functionality of the component Banner Button Link Handler. Executing manipulation of the argument anber_item can lead to cross site scripting. This vulnerability is registered as CVE-2025-7439. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in StoryChief Plugin up to 1.0.42 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the file /wp-json/storychief/webhook of the component API Endpoint. The manipulation results in unrestricted upload. This vulnerability is known as CVE-2025-7441. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, was found in Linux Promotional Plugin up to 1.4 on WordPress. Affected is an unknown function of the file inux-promotional-plugin.php of the component Setting Handler. Executing manipulation can lead to cross-site request forgery. This vulnerability appears as CVE-2025-7668. The attack may be performed from a remote location. There is no available exploit.

A vulnerability was found in AL Pack Plugin up to 1.0.2 on WordPress. It has been rated as critical. This issue affects the function check_activate_permission of the file /wp-json/presslearn/v1/activate of the component Unauthenticated Premium Feature Handler. Performing manipulation results in missing authorization. This vulnerability was named CVE-2025-7664. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in LatestCheckins Plugin on WordPress. This impacts an unknown function of the component Setting Handler. Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2025-7683. The attack may be performed from a remote location. There is no available exploit.

A vulnerability classified as critical has been found in WPGYM Plugin up to 67.7.0 on WordPress. Affected is an unknown function of the component Account Creation Handler. Performing manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-6080. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Surbma Plugin up to 2.0 on WordPress. This affects the function recent-comments of the component Shortcode Handler. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-7649. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component ksmbd. This manipulation causes resource consumption. This vulnerability appears as CVE-2025-38501. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Anber Elementor Addon Plugin up to 1.0.1 on WordPress. The impacted element is an unknown function. The manipulation of the argument $item['button_link']['url'] results in cross site scripting. This vulnerability is identified as CVE-2025-7440. The attack can be executed remotely. There is not any exploit available.

为了更好地培养学生掌握先进的数据挖掘与分析方法，锻炼学生敏锐的情报洞察力，为将来投身于开源情报领域的工作奠定坚实的基础。特举办“第三届全国大学生开源情报数据采集与分析大赛”。

1.摘要本报告全面详细说明了在主岛及其近海部署的位置、地址、地理坐标和具体类型的雷达。

monkey365 Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365 but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead...

The post monkey365: conduct Microsoft 365, Azure subscriptions and Azure Active Directory security configuration reviews appeared first on Penetration Testing Tools.

SQLiDetector Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...

The post SQLiDetector: detect SQL injection Error based appeared first on Penetration Testing Tools.

The APT-C-36 group (Blind Eagle) intensified its operations in May 2025, focusing attacks on Colombian government institutions and major corporations, as well as on organizations in other South American countries, including Ecuador, Chile, and...

The post Beyond Phishing: A Closer Look at Blind Eagle’s New, More Stealthy Attacks appeared first on Penetration Testing Tools.

The British company Stock in the Channel (STIC), which provides a digital platform for monitoring the availability and pricing of IT equipment, has reported a cyberattack that caused a large-scale disruption of its services....

The post Zero-Day Attack Takes Down Stock in the Channel, Disrupting IT Supply Chain appeared first on Penetration Testing Tools.

The first release of the Linux 6.17 kernel has arrived—yet it contains no updates related to the bcachefs file system. And the reason lies not in technical shortcomings. On August 10, Linus Torvalds announced...

The post The “Human Factor”: Why a Next-Gen Linux Filesystem Is on the Ropes appeared first on Penetration Testing Tools.

Обычное письмо, одна ссылка — и дверь в сеть уже открыта.