Aggregator

CVE-2025-2942 | Order Delivery Date Plugin up to 12.5.x on WordPress Private Post information disclosure (EUVD-2025-21114)

Vuldb Updates
1 week 3 days ago
A vulnerability was found in Order Delivery Date Plugin up to 12.5.x on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Private Post Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-2942. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-6200 | GeoDirectory Plugin up to 2.8.119 on WordPress Shortcode Attribute cross site scripting (EUVD-2025-21113)

Vuldb Updates
1 week 3 days ago
A vulnerability was found in GeoDirectory Plugin up to 2.8.119 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-6200. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-6006 | ZKTeco ZKBio CVSecurity V5000 4.1.0 Summer Schedule Schedule Name cross site scripting (EUVD-2024-47170)

Vuldb Updates
1 week 3 days ago
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-6006. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor explains, "that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version."
vuldb.com

CVE-2024-6005 | ZKTeco ZKBio CVSecurity V5000 4.1.0 Department Section Department Name cross site scripting (EUVD-2024-47169)

Vuldb Updates
1 week 3 days ago
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2024-6005. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor explains, "that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version."
vuldb.com

Researchers Reveal How Hacktivist Groups Gain Attention and Choose Their Targets

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 week 3 days ago

Cybersecurity researchers at Graphika have unveiled comprehensive findings on the operational dynamics of hacktivist organizations, revealing sophisticated attention-seeking behaviors and strategic target selection methodologies. Through their ATLAS intelligence reporting platform, analysts have systematically monitored approximately 700 active and inactive hacktivist entities since 2022, encompassing state-sponsored personas, geopolitically aligned collectives supporting Russia and Ukraine, and regionally-focused […]

The post Researchers Reveal How Hacktivist Groups Gain Attention and Choose Their Targets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

INC

Dark Feed IO
1 week 3 days ago

You must login to view this content

cohenido

INC

Dark Feed IO
1 week 3 days ago

You must login to view this content

cohenido

INC

Dark Feed IO
1 week 3 days ago

You must login to view this content

cohenido

INC

Dark Feed IO
1 week 3 days ago

You must login to view this content

cohenido

CVE-2022-49936 | Linux Kernel up to 5.19.7 USB usb_reset_device deadlock (EUVD-2022-55192 / WID-SEC-2025-1350)

Vuldb Updates
1 week 3 days ago
A vulnerability classified as critical has been found in Linux Kernel up to 5.19.7. Affected is the function usb_reset_device of the component USB. The manipulation leads to deadlock. This vulnerability is traded as CVE-2022-49936. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-49939 | Linux Kernel up to 5.19.7 binder binder_deferred_release use after free (EUVD-2022-55189 / WID-SEC-2025-1350)

Vuldb Updates
1 week 3 days ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.19.7. Affected is the function binder_deferred_release of the component binder. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-49939. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-41237 | VMware Cloud Foundation Virtual Machine Communication Interface out-of-bounds write (Nessus ID 242168 / WID-SEC-2025-1576)

Vuldb Updates
1 week 3 days ago
A vulnerability was found in VMware Cloud Foundation, vSphere Foundation, ESXi, Workstation, Fusion, Telco Cloud Platform and Telco Cloud Infrastructure. It has been classified as critical. This affects an unknown part of the component Virtual Machine Communication Interface. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-41237. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-41239 | VMware ESXi vSockets uninitialized resource (Nessus ID 242168 / WID-SEC-2025-1576)

Vuldb Updates
1 week 3 days ago
A vulnerability was found in VMware ESXi, Cloud Foundation, Workstation, Fusion, Telco Cloud Platform, Telco Cloud Infrastructure and Tools. It has been rated as problematic. This issue affects some unknown processing of the component vSockets. The manipulation leads to uninitialized resource. The identification of this vulnerability is CVE-2025-41239. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-41236 | VMware ESXi VMXNET3 Virtual Network Adapter out-of-bounds write (Nessus ID 242168 / WID-SEC-2025-1576)

Vuldb Updates
1 week 3 days ago
A vulnerability classified as critical has been found in VMware ESXi, Cloud Foundation, Workstation, Fusion, Telco Cloud Platform and Telco Cloud Infrastructure. Affected is an unknown function of the component VMXNET3 Virtual Network Adapter. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-41236. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56337 | Apache Tomcat up to 9.0.97/10.1.33/11.0.1 Incomplete Fix CVE-2024-50379 toctou (Nessus ID 213078 / WID-SEC-2024-3744)

Vuldb Updates
1 week 3 days ago
A vulnerability, which was classified as critical, was found in Apache Tomcat up to 9.0.97/10.1.33/11.0.1. This affects an unknown part of the component Incomplete Fix CVE-2024-50379. The manipulation leads to time-of-check time-of-use. This vulnerability is uniquely identified as CVE-2024-56337. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad