Mitigation

Critical Moodle Vulnerabilities Expose Learning Systems to SSRF and Privilege Escalation

CVE News

Critical Moodle Vulnerabilities Expose Learning Systems to SSRF and Privilege Escalation

A recent security audit has revealed critical vulnerabilities in Moodle, the widely adopted open-source learning management system...

Ripple’s xrpl.js Library Compromised in Supply Chain Attack: Technical Analysis

News

Ripple’s xrpl.js Library Compromised in Supply Chain Attack: Technical Analysis

A critical supply chain attack has compromised Ripple’s official JavaScript library, xrpl.js, injecting malicious code to steal...

Apache Web Server SQL Injection Vulnerability (CVE-2025-23176): Technical Analysis and Mitigation

CVE News

Apache Web Server SQL Injection Vulnerability (CVE-2025-23176): Technical Analysis and Mitigation

A newly disclosed SQL injection vulnerability (CVE-2025-23176) in Apache Web Server has been rated with a CVSS...

ManageWiki SQL Injection Vulnerability (CVE-2025-32956): Analysis and Mitigation

CVE News

ManageWiki SQL Injection Vulnerability (CVE-2025-32956): Analysis and Mitigation

A high-severity SQL injection vulnerability (CVE-2025-32956) has been identified in the ManageWiki MediaWiki extension, affecting versions prior...

Critical Buffer Overflow Vulnerability in H3C GR-3000AX Routers (CVE-2025-3854)

CVE News

Critical Buffer Overflow Vulnerability in H3C GR-3000AX Routers (CVE-2025-3854)

A critical buffer overflow vulnerability (CVE-2025-3854) has been identified in H3C GR-3000AX routers running firmware versions up...

Greenshift WordPress Plugin Vulnerability (CVE-2025-3616): Arbitrary File Upload Analysis

CVE News

Greenshift WordPress Plugin Vulnerability (CVE-2025-3616): Arbitrary File Upload Analysis

A critical vulnerability in the Greenshift WordPress plugin (CVE-2025-3616) allows authenticated attackers to upload arbitrary files, potentially...

Google OAuth and DKIM Replay Attack: How Phishers Spoofed Google’s Email Systems

Threat Intelligence

Google OAuth and DKIM Replay Attack: How Phishers Spoofed Google’s Email Systems

In a sophisticated phishing campaign, attackers exploited Google’s OAuth infrastructure and DKIM email authentication to send fraudulent...

Critical Authentication Bypass in Seclore v3.27.5.0 (CVE-2024-53591)

CVE News

Critical Authentication Bypass in Seclore v3.27.5.0 (CVE-2024-53591)

A critical vulnerability (CVE-2024-53591) has been identified in Seclore v3.27.5.0 that allows attackers to bypass authentication through...

GoBGP Zero-Value Software Version Len Panic Vulnerability (CVE-2025-43971): Analysis and Mitigation

CVE News

GoBGP Zero-Value Software Version Len Panic Vulnerability (CVE-2025-43971): Analysis and Mitigation

A critical vulnerability (CVE-2025-43971) affecting GoBGP versions prior to 3.35.0 was disclosed on April 21, 2025. The...

Critical Buffer Overflow Vulnerability in Tenda W12 and i24 Routers (CVE-2025-3820)

CVE News

Critical Buffer Overflow Vulnerability in Tenda W12 and i24 Routers (CVE-2025-3820)

A newly disclosed critical vulnerability (CVE-2025-3820) affecting Tenda W12 and i24 routers allows remote attackers to execute...

Cisco Webex Vulnerability (CVE-2025-20236) Enables Remote Code Execution via Malicious Links

CVE News

Cisco Webex Vulnerability (CVE-2025-20236) Enables Remote Code Execution via Malicious Links

Cisco has issued patches for a high-severity vulnerability (CVE-2025-20236) in its Webex software that allows unauthenticated attackers...

CVE-2025-31911: Critical SQL Injection Vulnerability in WordPress Social Share And Social Locker Plugin

CVE News

CVE-2025-31911: Critical SQL Injection Vulnerability in WordPress Social Share And Social Locker Plugin

A critical SQL injection vulnerability (CVE-2025-31911) has been identified in the WordPress plugin “Social Share And Social...

Dell PowerProtect Data Domain Vulnerability (CVE-2025-29987): Root Access Exploit Analysis

CVE News

Dell PowerProtect Data Domain Vulnerability (CVE-2025-29987): Root Access Exploit Analysis

A critical vulnerability (CVE-2025-29987) in Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS)...

GitHub Expands Security Tools Following 39 Million Secret Leaks in 2024

Data Breach

GitHub Expands Security Tools Following 39 Million Secret Leaks in 2024

GitHub has introduced new security measures after its systems detected 39 million exposed secrets—including API keys, tokens,...

Verizon Call Filter API Vulnerability Exposed Customer Call Logs via Unsecured Endpoint

CVE News

Verizon Call Filter API Vulnerability Exposed Customer Call Logs via Unsecured Endpoint

A security flaw in Verizon’s Call Filter API allowed unauthorized access to customers’ incoming call histories due...

AssetView Vulnerability Exposes Systems to Unauthenticated File Access and Deletion (CVE-2025-25060)

CVE News

AssetView Vulnerability Exposes Systems to Unauthenticated File Access and Deletion (CVE-2025-25060)

A critical vulnerability in AssetView and AssetView CLOUD (CVE-2025-25060) has been disclosed, allowing unauthenticated attackers to access...

Critical Path Traversal Vulnerability in FortiSIEM (CVE-2023-40714) Allows Privilege Escalation

CVE News

Critical Path Traversal Vulnerability in FortiSIEM (CVE-2023-40714) Allows Privilege Escalation

A critical vulnerability (CVE-2023-40714) affecting multiple versions of Fortinet’s FortiSIEM security information and event management solution has...

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

CVE News

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

A critical path traversal vulnerability (CVE-2025-31131) has been identified in YesWiki, a PHP-based wiki system, with a...

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

CVE News

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

A critical SQL injection vulnerability (CVE-2025-30807) has been identified in the Next-Cart Store to WooCommerce Migration plugin,...

Critical SQL Injection Vulnerability in WooCommerce Order Splitter Plugin (CVE-2025-31089)

CVE News

Critical SQL Injection Vulnerability in WooCommerce Order Splitter Plugin (CVE-2025-31089)

A high-severity SQL injection vulnerability (CVE-2025-31089) has been identified in Fahad Mahmood’s Order Splitter for WooCommerce plugin,...

Posts pagination

Previous 1 2 3 4 5 6 7 Next

Mitigation

Critical Moodle Vulnerabilities Expose Learning Systems to SSRF and Privilege Escalation

Ripple’s xrpl.js Library Compromised in Supply Chain Attack: Technical Analysis

Apache Web Server SQL Injection Vulnerability (CVE-2025-23176): Technical Analysis and Mitigation

ManageWiki SQL Injection Vulnerability (CVE-2025-32956): Analysis and Mitigation

Critical Buffer Overflow Vulnerability in H3C GR-3000AX Routers (CVE-2025-3854)

Greenshift WordPress Plugin Vulnerability (CVE-2025-3616): Arbitrary File Upload Analysis

Google OAuth and DKIM Replay Attack: How Phishers Spoofed Google’s Email Systems

Critical Authentication Bypass in Seclore v3.27.5.0 (CVE-2024-53591)

GoBGP Zero-Value Software Version Len Panic Vulnerability (CVE-2025-43971): Analysis and Mitigation

Critical Buffer Overflow Vulnerability in Tenda W12 and i24 Routers (CVE-2025-3820)

Cisco Webex Vulnerability (CVE-2025-20236) Enables Remote Code Execution via Malicious Links

CVE-2025-31911: Critical SQL Injection Vulnerability in WordPress Social Share And Social Locker Plugin

Dell PowerProtect Data Domain Vulnerability (CVE-2025-29987): Root Access Exploit Analysis

GitHub Expands Security Tools Following 39 Million Secret Leaks in 2024

Verizon Call Filter API Vulnerability Exposed Customer Call Logs via Unsecured Endpoint

AssetView Vulnerability Exposes Systems to Unauthenticated File Access and Deletion (CVE-2025-25060)

Critical Path Traversal Vulnerability in FortiSIEM (CVE-2023-40714) Allows Privilege Escalation

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

Critical SQL Injection Vulnerability in WooCommerce Order Splitter Plugin (CVE-2025-31089)

You may have missed

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Google Chrome’s Security Update: Blocking Admin-Level Launches in Windows

Australian Human Rights Commission Data Breach: Technical Analysis and Impact