15 threats in this category
King Addons for Elementor plugin (10,000+ sites) has two critical unauthenticated vulnerabilities enabling full site takeover. CVE-2025-6327: arbitrary file upload via exposed AJAX handler—attackers c…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Debian released patches for Squid proxy covering CVE-2025-62168: missing redaction of authentication data leading to information disclosure. Leonardo Giovanni discovered the flaw. Squid is a widely de…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Ubuntu issued USN-7837-1 for GStreamer Good Plugins, addressing CVE-2025-47219 that can cause denial of service or information disclosure via malformed media files. Updates are available for Ubuntu 20…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
The Register reports active exploitation of WSUS CVE-2025-59287, with telemetry noting ~100,000 exploitation hits in seven days and ~500,000 internet-facing servers with WSUS enabled. Google’s GTIG tr…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Palo Alto Networks Unit 42 details active exploitation of CVE-2025-59287, including process chains indicating cmd.exe and powershell.exe spawned by wsusservice.exe/w3wp.exe, and exfiltration to Webhoo…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Ubuntu published USN-7842-1 addressing a vulnerability in radare2. While the notice landing page is cookie-gated, the advisory indicates fixes available via standard updates for supported releases.
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Researchers demonstrated indirect prompt injection in Microsoft 365 Copilot via booby‑trapped documents. Copilot fetched recent emails, hex‑encoded them, and built a clickable Mermaid diagram that exf…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
USN‑7833‑2 addresses multiple vulnerabilities in the Linux realtime kernel for Ubuntu 24.04 LTS, including AMD store buffer data inference (CVE‑2024‑36350, CVE‑2024‑36357) and a very large set of subs…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Shadowserver reports more than 71,000 internet-exposed WatchGuard Fireware devices vulnerable to CVE-2025-9242, a critical (CVSS 9.8) out-of-bounds write in IKEv2 that can lead to unauthenticated remo…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
CISA added five security flaws to the Known Exploited Vulnerabilities (KEV) catalog, confirming real‑world exploitation. Highlights include Oracle E‑Business Suite SSRF (CVE-2025-61884) and RCE (CVE-2…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Moxa patched five vulnerabilities impacting OT security appliances and routers, including CVE-2025-6950—hard‑coded JWT signing keys enabling auth bypass and full device compromise. Additional issues i…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Canonical released USN-7829-2 addressing vulnerabilities in Linux kernel FIPS and Real-time variants. The advisory covers flaws that could allow denial of service or privilege escalation under certain…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Security update for stunnel packages in Slackware 15.0 addressing a critical configuration/security issue. Source: LinuxSecurity.
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Microsoft’s Security Update Guide lists CVE-2025-0033 affecting AMD Secure Nested Paging (SNP) during RMP initialization. The entry classifies impact as Critical and ties to Remote Code Execution impa…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Oracle warned of CVE-2025-61884 (CVSS 7.5) affecting EBS 12.2.3–12.2.14, allowing unauthenticated HTTP access to Oracle Configurator and potential exposure of critical data; patching urged.
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits