SECUROTROP
You must login to view this content
Aggregator
SECUROTROP
9 months 1 week ago
You must login to view this content
cohenido
CVE-2025-58146 | Xen XAPI privilege escalation
9 months 1 week ago
A vulnerability identified as problematic has been detected in Xen. The impacted element is an unknown function of the component XAPI. This manipulation causes privilege escalation.
This vulnerability is registered as CVE-2025-58146. The attack requires access to the local network. No exploit is available.
Applying a patch is the recommended action to fix this issue.
vuldb.com
SECUROTROP
9 months 1 week ago
You must login to view this content
cohenido
Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari
9 months 1 week ago
A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could only be exploited on the Safari browser. The finding highlights the importance of testing for diverse browser behaviors during security assessments. Discovery […]
The post Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
CVE-2025-58145 | Xen P2M Lock privilege escalation
9 months 1 week ago
A vulnerability categorized as problematic has been discovered in Xen. The affected element is an unknown function of the component P2M Lock. The manipulation results in privilege escalation.
This vulnerability is cataloged as CVE-2025-58145. The attack must originate from the local network. There is no exploit available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2025-58144 | Xen null pointer dereference
9 months 1 week ago
A vulnerability was found in Xen. It has been rated as critical. Impacted is an unknown function. The manipulation leads to null pointer dereference.
This vulnerability is listed as CVE-2025-58144. The attack must be carried out from within the local network. There is no available exploit.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
CVE-2025-58143 | Xen Reference TSC Page race condition
9 months 1 week ago
A vulnerability was found in Xen. It has been declared as problematic. This issue affects some unknown processing of the component Reference TSC Page. Executing manipulation can lead to race condition.
This vulnerability is tracked as CVE-2025-58143. The attack is only possible within the local network. No exploit exists.
A patch should be applied to remediate this issue.
vuldb.com
SECUROTROP
9 months 1 week ago
You must login to view this content
cohenido
CVE-2025-58142 | Xen SIM Page null pointer dereference
9 months 1 week ago
A vulnerability was found in Xen. It has been classified as critical. This vulnerability affects unknown code of the component SIM Page. Performing manipulation results in null pointer dereference.
This vulnerability is identified as CVE-2025-58142. The attack can only be performed from the local network. There is not any exploit available.
It is suggested to install a patch to address this issue.
vuldb.com
CVE-2025-27466 | Xen Reference TSC Area null pointer dereference
9 months 1 week ago
A vulnerability was found in Xen and classified as critical. This affects an unknown part of the component Reference TSC Area. Such manipulation leads to null pointer dereference.
This vulnerability is referenced as CVE-2025-27466. The attack needs to be initiated within the local network. No exploit is available.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2025-9855 | Enhanced BibliPlug Plugin up to 1.3.8 on WordPress Shortcode bibliplug_authors cross site scripting
9 months 1 week ago
A vulnerability has been found in Enhanced BibliPlug Plugin up to 1.3.8 on WordPress and classified as problematic. Affected by this issue is the function bibliplug_authors of the component Shortcode Handler. This manipulation causes cross site scripting.
The identification of this vulnerability is CVE-2025-9855. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-9633 | LH Signing Plugin up to 2.83 on WordPress Setting plugin_options cross-site request forgery
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in LH Signing Plugin up to 2.83 on WordPress. Affected by this vulnerability is the function plugin_options of the component Setting Handler. The manipulation results in cross-site request forgery.
This vulnerability was named CVE-2025-9633. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-8398 | azurecurve BBCode Plugin up to 2.0.4 on WordPress Shortcode url cross site scripting
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in azurecurve BBCode Plugin up to 2.0.4 on WordPress. Affected is the function url of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-8398. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
Radar New Threat Actor
9 months 1 week ago
You must login to view this content
cohenido
CVE-2025-9617 | Publish Approval Plugin up to 1.1 on WordPress Setting publish_save_option cross-site request forgery
9 months 1 week ago
A vulnerability classified as problematic was found in Publish Approval Plugin up to 1.1 on WordPress. This impacts the function publish_save_option of the component Setting Handler. Executing manipulation can lead to cross-site request forgery.
This vulnerability is handled as CVE-2025-9617. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-9620 | SEO Monster Plugin up to 3.3.3 on WordPress Setting check_integration cross-site request forgery
9 months 1 week ago
A vulnerability classified as problematic has been found in SEO Monster Plugin up to 3.3.3 on WordPress. This affects the function check_integration of the component Setting Handler. Performing manipulation results in cross-site request forgery.
This vulnerability is known as CVE-2025-9620. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-9128 | eID Easy Plugin up to 4.9.3 on WordPress cross site scripting
9 months 1 week ago
A vulnerability described as problematic has been identified in eID Easy Plugin up to 4.9.3 on WordPress. The impacted element is an unknown function. Such manipulation of the argument ID leads to cross site scripting.
This vulnerability is traded as CVE-2025-9128. The attack may be launched remotely. There is no exploit available.
vuldb.com
AI is everywhere, but scaling it is another story
9 months 1 week ago
AI is being adopted across industries, but many organizations are hitting the same obstacles, according to Tines. IT leaders say orchestration is the key to scaling AI. They point to governance, visibility, and collaboration as the critical areas executives need to watch. Views on Al and orchestration in the organization (Source: Tines) Companies invest heavily in AI Organizations are pouring resources into AI, yet many initiatives remain isolated or slow-moving. Without a coordinated approach, AI … More →
The post AI is everywhere, but scaling it is another story appeared first on Help Net Security.
Anamarija Pogorelec
The Gentleman New Threat Actor
9 months 1 week ago
You must login to view this content
cohenido