Aggregator

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-6403. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in wp-file-download Plugin up to 6.2.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5034. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Element Pack Addons for Elementor Plugin up to 8.0.0 on WordPress. This issue affects some unknown processing. The manipulation of the argument data-caption leads to cross site scripting. The identification of this vulnerability is CVE-2025-5944. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in YayCommerce YaySMTP Plugin up to 6.8.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-53256. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. This vulnerability is traded as CVE-2025-6363. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in code-projects Hostel Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /empty_rooms.php. The manipulation of the argument search_box leads to sql injection. This vulnerability is handled as CVE-2025-6296. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-6281. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

A vulnerability was found in WP-FeedStats tarteaucitron.io Plugin up to 1.9.4 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Query Parameter Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-4955. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Пока вы ждёте созвона, чужие руки копаются в ваших файлах.

Linux 新闻网站 Phoronix 在一台配备了 AMD Ryzen 9 9950X 的 Ubuntu Linux 系统上测试了 Firefox 120 到 Firefox 141 Beta 的性能。Firefox 差不多一个月发布一个新版本，Firefox 120 是在 2023 年 11 月发布的，而 Firefox 最新正式版本是 Firefox 140，141 还是 Beta 状态。结果显示，Firefox 141 Beta 平均比 Firefox 120 快约 12%，内存占用也更低。Mozilla 还是在努力改进浏览器的。

Google has once again drawn the attention of cybersecurity experts following its implementation of a new user data protection mechanism in the Chrome browser—AppBound Cookie Encryption. Although the initiative reflects an ambitious stride toward...

The post Chrome Cookie Encryption Bypassed: “C4 Attack” Exploits Padding Oracle to Steal Cookies appeared first on Penetration Testing Tools.

GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a command-line interface or a web dashboard, offering comprehensive features such as logging, analytics, and token management. “We designed GitPhish explicitly for security teams looking to conduct assessments and build detection capabilities around Device Code Phishing in … More →

The post GitPhish: Open-source GitHub device code flow security assessment tool appeared first on Help Net Security.

StealthCores launched StealthMACsec, a comprehensive IEEE 802.1AE compliant MACsec engine that brings advanced side-channel countermeasures to Ethernet network security. Building on the proven security foundation of StealthAES, StealthMACsec delivers line-rate processing up to 10 Gbps on FPGA and even faster on ASIC while maintaining the highest levels of protection against sophisticated attacks. As Ethernet networks become increasingly critical to defense, industrial, and embedded systems, the need for link-layer security has never been greater. StealthMACsec addresses … More →

The post StealthMACsec strengthens Ethernet network security appeared first on Help Net Security.

生成式AI不是取代网络安全分析师的“银弹”

Каждая инструкция звучит убедительно, пока жертва не сталкивается с последствиями.

外设制造商称，任天堂使用新的加密方案有意锁定了 Switch 2 的 USB-C 端口，阻止第三方扩展坞和外设与之兼容。因抢先推出 Steam Deck 扩展坞而名声大振的 Jsaux 表示，因任天堂的行动该公司暂停了制造 Switch 2 扩展坞的计划。

A vulnerability, which was classified as problematic, was found in ThickBox JavaScript Library Plugin up to 3.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-2537. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in prettyPhoto Library Plugin up to 3.1.6. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-2540. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Magnific Popups Library Plugin up to 1.1.0. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-5647. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Migration, Backup, Staging Plugin up to 0.9.116 on WordPress. This affects the function wpvivid_upload_import_files. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-5961. It is possible to initiate the attack remotely. There is no exploit available.