Aggregator

A vulnerability classified as problematic has been found in CloudVod Plugin up to 2.1.10 on WordPress. This affects an unknown part. The manipulation of the argument audio leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8071. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Structured Content Plugin up to 1.6.4 on WordPress. Affected is the function sc_fs_local_business of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-4608. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Taeggie Feed Plugin up to 0.1.10 on WordPress. It has been classified as problematic. This affects the function render of the component Shortcode Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-6382. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Post Grid Master Plugin up to 3.4.13 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument argsArray['read_more_text'] leads to cross site scripting. The identification of this vulnerability is CVE-2025-5084. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Dataverse Integration Plugin up to 2.81 on WordPress. This vulnerability affects the function get_password_reset_key of the file reset_password_link of the component REST Endpoint. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-7695. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in FunnelCockpit Plugin up to 1.4.2 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument Error leads to cross site scripting. This vulnerability was named CVE-2025-6588. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in iThoughts Advanced Code Editor Plugin up to 1.2.10 on WordPress and classified as problematic. This issue affects the function ithoughts_ace_update_options of the component Setting Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-7835. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Station Pro Plugin up to 2.4.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument width/height leads to cross site scripting. This vulnerability is traded as CVE-2025-7959. It is possible to launch the attack remotely. There is no exploit available.

The cybersecurity landscape is grappling with CVE-2025-5777, informally known as “CitrixBleed 2,” an out-of-bounds memory read vulnerability affecting Citrix NetScaler ADC and Gateway devices. This flaw, echoing the notorious CVE-2023-4966 from 2023, enables unauthenticated attackers to leak sensitive memory contents, including session tokens and authentication credentials, via malformed HTTP POST requests to the /p/u/doAuthentication.do endpoint. […]

The post Splunk Guide to Detect, Mitigate, and Respond to the CitrixBleed 2 Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Affiliate Plus Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function affiplus_settings of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-7690. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-2923. Attacking locally is a requirement. Furthermore, there is an exploit available.

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. This vulnerability is handled as CVE-2025-2913. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-2924. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-2914. Local access is required to approach this attack. Furthermore, there is an exploit available.

WhoFi surfaced last on the public repository ArXiv, stunning security teams with a proof-of-concept that turns ordinary 2.4 GHz routers into covert biometric scanners. Unlike camera-based systems, this neural pipeline fingerprints the unique way a body distorts Wi-Fi channel state information (CSI), letting an attacker identify someone from the opposite side of a plaster wall, […]

The post New AI-Powered Wi-Fi Biometrics WhoFi Tracks Humans Behind Walls with 95.5% Accuracy appeared first on Cyber Security News.

Какая брешь сумела дать преступникам доступ к самым охраняемым секретам Америки?

Even with all the new ways we stay in touch, Slack, Teams, DMs, email is still the backbone of business communication. That also makes it one of the easiest ways in for attackers.  A single message with the right subject line or attachment can lead to stolen logins, malware infections, or even full network access. […]

The post Top Email Security Risks for Businesses and How to Catch Them Before They Cause Damage  appeared first on ANY.RUN's Cybersecurity Blog.

Brave browser now blocks Microsoft Recall by default, preventing screenshots and protecting users’ browsing history on Windows 11.

FBI警告网络犯罪组织The Com通过多种手段实施网络攻击和非法活动，并招募未成年人以逃避刑罚。该组织涉及勒索软件、SWATting、勒索、分发儿童性虐待材料等行为，并通过游戏网站吸引成员。内部常因加密货币盗窃引发冲突甚至暴力事件。