Aggregator

A vulnerability labeled as critical has been found in JAY Login & Register Plugin up to 2.4.01 on WordPress. This vulnerability affects the function jay_login_register_process_switch_back. Executing manipulation can lead to improper authentication. This vulnerability is tracked as CVE-2025-14440. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in Easy Theme Options Plugin up to 1.0 on WordPress. This affects an unknown part of the component Setting Import Handler. Performing manipulation of the argument eto_import_settings results in missing authorization. This vulnerability is identified as CVE-2025-14367. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Ays Image Slider Plugin up to 2.7.0 on WordPress. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2025-14454. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability marked as critical has been reported in python-utcp up to 1.0.x. This impacts an unknown function. The manipulation leads to trust boundary violation. This vulnerability is traded as CVE-2025-14542. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

Currently trending CVE - Hype Score: 1 - Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a ...

Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accusing Moscow of cyber attacks against its air traffic control authority and running a disinformation campaign ahead of February’s election. The German government announced it has clear evidence linking an August […]

A vulnerability classified as problematic was found in Glitter Unicorn Wallpaper App 7.x/8.0 on Android. This affects an unknown function. Executing manipulation can lead to denial of service. The identification of this vulnerability is CVE-2023-29723. The attack can only be executed locally. There is no exploit available.

A vulnerability has been found in SofaWiki up to 3.8.9 and classified as critical. Affected by this vulnerability is an unknown functionality. Performing manipulation results in unrestricted upload. This vulnerability is identified as CVE-2023-29721. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability has been found in Glitter Unicorn Wallpaper App 7.x/8.0 on Android and classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes improper authorization. This vulnerability is tracked as CVE-2023-29722. The attack is restricted to local execution. No exploit exists.

A vulnerability was found in SofaWiki up to 3.8.9. It has been classified as problematic. Affected by this issue is some unknown functionality of the file index.php. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2023-29720. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in Vade Secure Gateway and classified as problematic. The affected element is an unknown function of the file /css/. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2023-29713. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Vade Secure Gateway and classified as problematic. The impacted element is an unknown function of the component Cookie Handler. Executing manipulation of the argument username/password/language can lead to cross site scripting. This vulnerability is tracked as CVE-2023-29714. The attack can be launched remotely. No exploit exists.