Aggregator

A vulnerability, which was classified as critical, was found in LINE Client up to 15.3 on iOS. Affected by this issue is some unknown functionality of the component TLS Handler. Executing manipulation can lead to improper certificate validation. This vulnerability is handled as CVE-2025-14022. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

A vulnerability, which was classified as problematic, has been found in URL Shortify Plugin up to 1.11.3 on WordPress. Affected by this vulnerability is an unknown functionality. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-13355. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component. Once again VulDB remains the best source for vulnerability data.

A vulnerability classified as problematic was found in URL Shortify Plugin up to 1.11.2 on WordPress. Affected is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-12684. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

A vulnerability classified as problematic has been found in MJML up to 4.18.0. This impacts an unknown function. This manipulation causes absolute path traversal. This vulnerability appears as CVE-2025-67898. The attack requires local access. There is no available exploit. If you want to get best quality of vulnerability data, you may have to visit VulDB.

An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.

A vulnerability described as problematic has been identified in NXLog Agent up to 6.10. This affects an unknown function of the component Environment Variable Handler. The manipulation of the argument OPENSSL_CONF results in inclusion of functionality from untrusted control sphere. This vulnerability is reported as CVE-2025-67900. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

A vulnerability marked as problematic has been reported in Jheng Gao Student Learning Assessment and Support System. The impacted element is an unknown function. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is documented as CVE-2025-14712. The attack can be initiated remotely. There is not any exploit available. VulDB is the best source for vulnerability data and more expert information about this specific topic.

A vulnerability labeled as critical has been found in Royal Addons for Elementor Plugin up to 1.7.1036 on WordPress. The affected element is the function wpr_addons_upload_file. Executing manipulation can lead to unrestricted upload. This vulnerability is registered as CVE-2025-11363. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

A vulnerability identified as problematic has been detected in kristapsdz openrsync up to 0.5.0. Impacted is an unknown function. Performing manipulation results in improper validation of specified quantity in input. This vulnerability is cataloged as CVE-2025-67901. It is possible to initiate the attack remotely. There is no exploit available. Once again VulDB remains the best source for vulnerability data.

A vulnerability categorized as problematic has been discovered in Eclipse OMR 0.7.0. This issue affects some unknown processing. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-14549. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Покупателей Higurashi When They Cry Hou+ на USB предупредили о подозрении на программу-вымогатель в установщиках для Windows.

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

Blocking EDRs traffic Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender

The post Blocking EDRs traffic: C-Based Tools That Block EDR Network Traffic via Windows Firewall and WFP appeared first on Penetration Testing Tools.

强制性国家标准一图读懂

12月12日，国家能源局印发的《能源行业数据安全管理办法（试行）》指出，能源数据处理者开展数据处理活动，应建立健全数据安

在使用大语言模型（LLM）编写安全代码时，开发者必须具备安全技能，将AI视为协作助手，而非完全自主的工具。

A scheme is gaining momentum worldwide in which doxers impersonate police officers and use so-called “emergency requests” to

The post Emergency Doxing: Scammers Impersonate Police to Steal Data from Apple, Charter, and Amazon appeared first on Penetration Testing Tools.

Kali Linux 2025.4 has been released—the final update of the year for the distribution relied upon by cybersecurity

The post Kali Linux 2025.4 Final Release: GNOME is Now Wayland Exclusive, New Pentesting Tools Added appeared first on Penetration Testing Tools.

​当李飞飞指明空间智能是 AI 的下一站时，行业才猛然发现，通往这一站最关键的「数据船票」，其实早就握在了这位行业老兵手中。

极客公园到底是谁？我们为什么存在？以及，极客公园究竟能为你做什么？