Aggregator

A vulnerability, which was classified as critical, was found in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. This vulnerability is reported as CVE-2025-14607. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

Submit #705036 / VDB-336283

A vulnerability, which was classified as critical, has been found in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization. This vulnerability is documented as CVE-2025-14606. The attack can be initiated remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

The billboards, located near Toronto’s Union Station, reportedly analyze only the age and gender of people nearby, according to their owner.

Submit #704138 / VDB-336282

MCP is transforming AI agent connectivity, but authentication is the critical gap. Learn about Shadow IT risks, enterprise requirements, and solutions.

The post What Tech Leaders Need to Know About MCP Authentication in 2025 appeared first on Security Boulevard.

The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.

A vulnerability classified as problematic was found in Header Footer Script Adder Plugin up to 2.0.5 on WordPress. Affected is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-12109. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in Social Media Auto Publish Plugin up to 3.6.5 on WordPress. This impacts an unknown function. Performing manipulation of the argument PostMessage results in cross site scripting. This vulnerability is cataloged as CVE-2025-12076. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in All-in-One Addons for Elementor Plugin up to 2.5.6 on WordPress. This affects an unknown function of the component Countdown Widget. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-8779. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as problematic has been reported in Custom Frames Plugin up to 1.0.1 on WordPress. The impacted element is the function customframe of the component Shortcode Handler. This manipulation of the argument Class causes cross site scripting. This vulnerability is tracked as CVE-2025-13705. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in Quick Testimonials Plugin up to 2.1 on WordPress. The affected element is an unknown function of the component Setting Handler. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-14378. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Redux Framework Plugin up to 4.5.8 on WordPress. Impacted is an unknown function. The manipulation of the argument data leads to cross site scripting. This vulnerability is referenced as CVE-2025-9488. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as problematic has been discovered in Popover Windows Plugin up to 1.2 on WordPress. This issue affects some unknown processing of the component Setting Handler. Executing manipulation can lead to cross-site request forgery. The identification of this vulnerability is CVE-2025-14394. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in WP to LinkedIn Auto Publish Plugin up to 1.9.8 on WordPress. It has been rated as problematic. This vulnerability affects unknown code. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-12077. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Filter & Grids Plugin up to 3.2.0 on WordPress. It has been declared as critical. This affects an unknown part. Such manipulation of the argument phrase leads to sql injection. This vulnerability is uniquely identified as CVE-2025-10289. The attack can be launched remotely. No exploit exists.

A vulnerability was found in a3 Lazy Load Plugin up to 2.7.5 on WordPress. It has been classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-9873. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Colibri Page Builder Plugin up to 1.0.335 on WordPress and classified as problematic. Affected by this vulnerability is the function colibri_loop. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-11376. It is possible to launch the attack remotely. No exploit is available.

In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover threats to its users that come from third-party code, like commercial and open source software,

The post Microsoft Expands its Bug Bounty Program to Include Third-Party Code appeared first on Security Boulevard.

Israeli cybersecurity firms raised $4.4B in 2025 as funding rounds jumped 46%. Record seed and Series A activity signals a maturing, globally dominant cyber ecosystem.

The post Funding of Israeli Cybersecurity Soars to Record Levels  appeared first on Security Boulevard.