Search
News & Updates
Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts
The Nmap Project has officially launched the highly anticipated Nmap 7.96, bringing a wealth of new features, performance upgrades, and bug fixes to the popular network scanning tool. As a fundamental …
Read more
Published Date:
May 08, 2025 (6 days, 17 hours ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-20188
CVE-2025-27363
CVE-2024-54772
CVE ID : CVE-2025-4126
Published : May 15, 2025, 4:16 a.m. | 39 minutes ago
Description : The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s [series] shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcode_title function. This makes it possible for authenticated attackers – with contributor-level access and above, on sites with the Classic Editor plugin activated – to inject arbitrary JavaScript code in the titletag attribute that will execute whenever a user access an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4591
Published : May 15, 2025, 4:16 a.m. | 39 minutes ago
Description : The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘weluka-map’ shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-32421
Published : May 14, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel’s platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Artificial Intelligence
MIT Professor Markus J. Buehler has been named the recipient of the 2025 Washington Award, one…
Our 201st episode with a summary and discussion of last week’s big AI news!Recorded on…
For over 30 years, science photographer Felice Frankel has helped MIT professors, researchers, and students…
Imagine that a robot is helping you clean the dishes. You ask it to grab…
