73
CVEs
3
Threats
0
News
🛡 Security Vulnerabilities (CVE)
CVE-2025-15096
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all
04:01 KSA
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This make…
CVE-2025-57707
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been repor
04:01 KSA
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files.
We have alr…
CVE-2025-30276
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun
04:01 KSA
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4…
CVE-2026-2321
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage
04:01 KSA
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-0910
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13
04:01 KSA
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated attackers, with Subscriber-level a…
CVE-2026-1560
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to
04:01 KSA
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level acces…
CVE-2026-25924
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulner
04:01 KSA
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin insta…
CVE-2025-10174
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pr
04:01 KSA
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025.
CVE-2025-10913
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cl
04:01 KSA
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 11022026.
NOTE: The vendor was cont…
CVE-2025-9986
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information S
04:01 KSA
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025.
CVE-2025-48724
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
04:01 KSA
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.…
CVE-2025-52870
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
04:01 KSA
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.…
CVE-2025-57709
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
04:01 KSA
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.…
CVE-2025-52869
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
04:01 KSA
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.…
CVE-2025-52868
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
04:01 KSA
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.…
CVE-2025-48725
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker
04:01 KSA
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following ve…
CVE-2025-48723
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
04:01 KSA
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.…
CVE-2025-30269
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attack
04:01 KSA
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the followi…
CVE-2019-25306
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially e
04:01 KSA
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would exe…
A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in …
CVE-2026-20614
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 2
04:01 KSA
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges.
CVE-2026-20615
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tah
04:01 KSA
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.
CVE-2019-25310
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that
04:01 KSA
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launch…
CVE-2019-25309
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potenti
04:01 KSA
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious exe…
CVE-2019-25308
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration.
04:01 KSA
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations…
CVE-2019-25307
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows loc
04:01 KSA
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSy…
CVE-2026-26010
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines
04:01 KSA
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically …
CVE-2020-37210
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the
04:01 KSA
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
CVE-2025-57713
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit th
04:01 KSA
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5166 and later
CVE-2020-37211
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a larg
04:01 KSA
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37212
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to c
04:01 KSA
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37213
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sendi
04:01 KSA
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application cra…
CVE-2020-37214
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by man
04:01 KSA
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configur…
CVE-2020-37215
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the applica
04:01 KSA
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'Use…
CVE-2026-25990
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a
04:01 KSA
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypas…
CVE-2026-1669
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supp
04:01 KSA
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset …
CVE-2020-37182
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the ap
04:01 KSA
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fau…
CVE-2020-37194
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by s
04:01 KSA
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an applic…
CVE-2020-37193
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by
04:01 KSA
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting…
CVE-2020-37191
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to
04:01 KSA
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Re…
CVE-2020-37190
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the
04:01 KSA
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fie…
CVE-2020-37189
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers t
04:01 KSA
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
CVE-2020-37188
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers
04:01 KSA
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsiv…
CVE-2020-37187
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers t
04:01 KSA
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37185
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by o
04:01 KSA
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash…
CVE-2020-37208
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to cr
04:01 KSA
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.
CVE-2020-37180
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by
04:01 KSA
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37179
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the applicatio
04:01 KSA
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application…
CVE-2020-37178
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling.
04:01 KSA
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
CVE-2020-37177
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting
04:01 KSA
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash an…
CVE-2020-37175
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by
04:01 KSA
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.
CVE-2020-37173
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details thr
04:01 KSA
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by man…
CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database
04:01 KSA
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate se…
CVE-2020-37196
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the applicati
04:01 KSA
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an…
CVE-2020-37209
SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to
04:01 KSA
SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37207
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to
04:01 KSA
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37206
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an
04:01 KSA
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.
CVE-2020-37205
RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflo
04:01 KSA
RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an applicati…
CVE-2020-37204
RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to cr
04:01 KSA
RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
CVE-2020-37203
Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the applicatio
04:01 KSA
Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an appli…
CVE-2020-37202
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by suppl
04:01 KSA
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an applicatio…
CVE-2020-37201
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to
04:01 KSA
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37200
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to
04:01 KSA
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an a…
CVE-2020-37199
NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to cras
04:01 KSA
NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37198
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by
04:01 KSA
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger …
CVE-2020-37197
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the applicati
04:01 KSA
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an app…
CVE-2020-37195
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attacker
04:01 KSA
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2025-14541
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and includin
04:01 KSA
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. This is due to the plugin using PHP's eval() function on user-controlled input without proper validation or saniti…
CVE-2025-15440
The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Paramet
04:01 KSA
The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker…
CVE-2026-20617
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe
04:01 KSA
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file over…
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this f…
⚠️ Threat Intelligence
3 threats
rss:Recorded Future
—
06:31 KSA
From 27 Steps to 5: How Recorded Future Reimagined Threat Hunting with Autonomous Threat Operations
Recorded Future introduces Autonomous Threat Operations that dramatically reduces threat hunting complexity from 27 manual steps to just 5 largely automated steps…
rss:Krebs on Securit
—
05:41 KSA
Kimwolf Botnet Swamps Anonymity Network I2P
The Kimwolf IoT botnet has been actively disrupting the I2P anonymity network for over a week, targeting the decentralized encrypted communications infrastructure. This attack demonstrates the vulnerability of privacy-…
rss:Krebs on Securit
—
05:41 KSA
Patch Tuesday, February 2026 Edition
Microsoft released patches for over 50 security vulnerabilities in Windows and other software, including critical fixes for six zero-day vulnerabilities actively exploited by attackers. Organizations must prioritize immediate…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Wednesday, February 11, 2026
CVE Archive ·
Threats ·
News