Aggregator

CVE-2025-66107 | Scott Paterson Subscriptions & Memberships for PayPal Plugin up to 1.1.7 on WordPress authorization (EUVD-2025-198447)

Vuldb Updates
1 month 2 weeks ago
A vulnerability described as critical has been identified in Scott Paterson Subscriptions & Memberships for PayPal Plugin up to 1.1.7 on WordPress. This vulnerability affects unknown code. Executing manipulation can lead to missing authorization. This vulnerability is handled as CVE-2025-66107. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-66108 | Merlot Digital TNC Toolbox: Web Performance Plugin up to 2.0.4 on WordPress authorization (EUVD-2025-198446)

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in Merlot Digital TNC Toolbox: Web Performance Plugin up to 2.0.4 on WordPress. The impacted element is an unknown function. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2025-66108. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2025-35028 | 0x4m4 HexStrike AI 33267047667b9accfbf0fdac1c1c7ff12f3a5512 API Endpoint EnhancedCommandExecutor os command injection (GCVE-1337-2025 / EUVD-2025-199938)

Vuldb Updates
1 month 2 weeks ago
A vulnerability identified as critical has been detected in 0x4m4 HexStrike AI 33267047667b9accfbf0fdac1c1c7ff12f3a5512. This affects the function EnhancedCommandExecutor of the component API Endpoint. Performing manipulation results in os command injection. This vulnerability is known as CVE-2025-35028. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2025-66114 | Theme Funda Show Variations as Single Products Woocommerce Plugin authorization (EUVD-2025-198440)

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as critical, has been found in Theme Funda Show Variations as Single Products Woocommerce Plugin up to 2.0 on WordPress. The affected element is an unknown function. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2025-66114. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-58408 | Imagination Technologies Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/25.2 RTM2 use after free (EUVD-2025-199978)

Vuldb Updates
1 month 2 weeks ago
A vulnerability classified as critical has been found in Imagination Technologies Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/25.2 RTM2. This issue affects some unknown processing. Performing manipulation results in use after free. This vulnerability was named CVE-2025-58408. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-6349 | Arm Valhall GPU Kernel Driver up to r54p1 use after free (EUVD-2025-199981)

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in Arm Valhall GPU Kernel Driver and 5th Gen GPU Architecture Kernel Driver up to r54p1. The impacted element is an unknown function. The manipulation results in use after free. This vulnerability is identified as CVE-2025-6349. The attack is only possible with local access. There is not any exploit available. You should upgrade the affected component.
vuldb.com

The Dual Role of AI in Cybersecurity: Shield or Weapon?

Security Boulevard
1 month 2 weeks ago

Artificial intelligence isn’t just another tool in the security stack anymore – it’s changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why AI has become both a powerful defensive accelerator and a force multiplier for adversaries, especially..

The post The Dual Role of AI in Cybersecurity: Shield or Weapon? appeared first on Security Boulevard.

Alan Shimel

Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks

Security Affairs
1 month 2 weeks ago
Australian Michael Clapsis got 7 years and 4 months in prison for Wi-Fi attacks at airports and on flights, stealing sensitive data. Australian man Michael Clapsis (44) was sentenced to 7 years and 4 months in prison for conducting Wi-Fi attacks at airports and on flights, stealing sensitive information, according to the Australian Federal Police […]
Pierluigi Paganini

Play

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

Hackers Registered 2,000+ Fake Holiday-Themed Online Stores to Steal User Payments

Cyber Security News
1 month 2 weeks ago

With the holiday shopping season kicking into high gear, a massive cybersecurity threat has emerged, putting online shoppers at significant risk. A coordinated campaign has been discovered, involving the registration of over 2,000 fake holiday-themed online stores. These malicious sites are designed to lure unsuspecting consumers with the promise of steep discounts, only to steal […]

The post Hackers Registered 2,000+ Fake Holiday-Themed Online Stores to Steal User Payments appeared first on Cyber Security News.

Tushar Subhra Dutta

BreachLock Named a Leader in 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Third Consecutive Year

Cyber Security News
1 month 2 weeks ago

New York, New York, December 1st, 2025, CyberNewswire BreachLock, the global leader in Penetration Testing as a Service (PTaaS), has been named a Leader and Fast Mover in the 2025 GigaOm Radar Report for PTaaS for the third year in a row. The GigaOm Radar Report for PTaaS is published annually to help security leaders and practitioners […]

The post BreachLock Named a Leader in 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Third Consecutive Year appeared first on Cyber Security News.

Cybernewswire

CVE-2025-54527 | JetBrains YouTrack iFrame Configuration ui layer

Vuldb Updates
1 month 2 weeks ago
A vulnerability classified as problematic was found in JetBrains YouTrack. The impacted element is an unknown function of the component iFrame Configuration Handler. The manipulation results in improper restriction of rendered ui layers. This vulnerability is known as CVE-2025-54527. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-54063 | CherryHQ cherry-studio up to 1.5.0 URL code injection

Vuldb Updates
1 month 2 weeks ago
A vulnerability described as critical has been identified in CherryHQ cherry-studio up to 1.5.0. The impacted element is an unknown function of the component URL Handler. Such manipulation leads to code injection. This vulnerability is documented as CVE-2025-54063. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-54382 | CherryHQ cherry-studio 1.5.1 Oauth Auth Redirection Endpoint os command injection

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as critical, has been found in CherryHQ cherry-studio 1.5.1. This affects an unknown part of the component Oauth Auth Redirection Endpoint. This manipulation causes os command injection. This vulnerability is registered as CVE-2025-54382. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

Managed ad