Aggregator

A vulnerability, which was classified as problematic, has been found in Woocommerce Blocks Plugin up to 1.7.0 on WordPress. This vulnerability affects unknown code. The manipulation of the argument tab leads to file inclusion. This vulnerability was named CVE-2024-8393. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in WPGYM Plugin up to 67.7.0 on WordPress. This affects an unknown part of the component Password Update Handler. The manipulation of the argument page leads to file inclusion. This vulnerability is uniquely identified as CVE-2025-3671. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in School Management System Plugin up to 93.2.0 on WordPress. Affected by this issue is some unknown functionality of the file homework.php. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-6079. The attack may be launched remotely. There is no exploit available.

A vulnerability described as problematic has been identified in Bunkerity Bunker Web 1.6.2 on Linux. Affected by this vulnerability is an unknown functionality. The manipulation leads to open redirect. This vulnerability is known as CVE-2025-8066. The attack can be launched remotely. There is no exploit available.

The rules, introduced during the Biden administration, would force telecoms to notify customers when their personally identifiable information is exposed in a hack.

The post Court upholds FCC data breach reporting rules on telecom sector appeared first on CyberScoop.

A vulnerability marked as problematic has been reported in makeplane plane up to 0.27.x. Affected is an unknown function. The manipulation of the argument description_html leads to cross site scripting. This vulnerability is traded as CVE-2025-55203. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Xolluteon Dropshix Plugin up to 4.0.14 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-49898. The attack may be initiated remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in withastro astro up to 9.4.0. This vulnerability affects unknown code of the file //astro.build/press. The manipulation leads to open redirect. This vulnerability was named CVE-2025-55207. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in gopiplus Vertical Scroll Slideshow Gallery V2 Plugin up to 9.1 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-49897. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in FWDesign Ultimate Video Player Plugin up to 10.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2025-49432. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in FirebirdSQL Firebird up to 3.0.12/4.0.5/5.0.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component XDR Message Handler. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-54989. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in FirebirdSQL Firebird. It has been classified as problematic. Affected is an unknown function of the file firebird.conf. The manipulation leads to improper check for unusual conditions. This vulnerability is traded as CVE-2025-24975. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Autodesk AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD MAP 3D, Civil 3D and Advance Steel and classified as critical. This issue affects some unknown processing of the component DGN File Parser. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-5048. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Autodesk AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD MAP 3D, Civil 3D and Advance Steel and classified as critical. This vulnerability affects unknown code of the component DGN File Parser. The manipulation of the argument Uninitialized leads to use of uninitialized variable. This vulnerability was named CVE-2025-5047. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Autodesk AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD MAP 3D, Civil 3D and Advance Steel. This affects an unknown part of the component DGN File Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-5046. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talos to an activity cluster it tracks as UAT-7237, which is believed to be active since at least 2022.

«Большая сестра Билли» ждала его в Нью-Йорке, но в жизни её не существовало.

All You Need Is MCP - LLMs Solving a DEF CON CTF Finals Challenge by ourren

AIxCC Competition Archive 比赛代码开源 by ourren

更多最新文章，请访问SecWiki

听说过 David Woodard 吗？这位美国作家兼指挥家的维基条目一度拥有 335 种语言版本，高居维基条目语言版本数第一。此事引起了很多人的好奇，一位志愿者编辑 Grnrchst 对此展开了深入调查，揭发了维基百科历史上最大规模的自我推销行动，结果是 David Woodard 的条目被大规模删除，目前只剩下 18 种语言版本。Grnrchst 发现，这次行动持续了 10 多年，使用了多达 200 个账户和大量代理 IP 地址。在英文版中，从 2015 年起相关账户将 David Woodard 的名字植入到至少 93 篇条目中，且常引用他本人发表的资料。从 2017 年到 2019 年，相关账户用至少 92 种不同语言创建 David Woodard 相关的条目。平均每六天创建一篇新条目。这些账户最初使用拉丁语系的欧洲语言，然后很快扩大到世界其它语系和文字，甚至还使用人造语言(Constructed Languages)。Grnrchst 认为这些账户是在滥用机器翻译。在短暂减少活动之后，从 2021 年 12 月到 2025 年 6 月不同账户又创建了 183 篇 Woodard 相关条目。这些账户都遵循同一种行为模式：使用普通的名字，还附有图片，它们首先对数十个条目进行细微的修改，然后创建一个  David Woodard 条目，然后再进行几十次小的修改，最后销声匿迹。Grnrchst 认为这是一次持续了十年的自我推销行动，这些账户和代理背后或者是 Woodard 本人或者是其亲密的人。