CVE ID : CVE-2025-3924

Published : May 7, 2025, 3:15 a.m.

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the ‘valid_email’ value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-4054

Published : May 7, 2025, 3:15 a.m.

Description : The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page via the search results.

Severity: 6.1 | MEDIUM

CVE ID : CVE-2025-4055

Published : May 7, 2025, 3:15 a.m.

Description : The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mpto’ shortcode in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-4220

Published : May 7, 2025, 3:15 a.m.

Description : The Xavin’s List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘xls’ shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-4335

Published : May 7, 2025, 3:15 a.m.

Description : The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Severity: 8.8 | HIGH

Samsung MagicINFO 9 Server RCE flaw now exploited in attacks

Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware.
Samsung MagicINFO Server is a centralized co …

Published Date: May 06, 2025

Vulnerabilities mentioned in this article:

CVE-2024-7399

Apache Parquet exploit tool detect servers vulnerable to critical flaw

A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers.
The tool was released b …

Published Date: May 06, 2025

Vulnerabilities mentioned in this article:

CVE-2025-30065

‘Easily Exploitable’ Langflow Vulnerability Requires Immediate Patching

A critical flaw found in the open source Langflow platform was added to the US Cybersecurity and Infrastructure Security Agency’s (CISA’s) Know …

Published Date: May 06, 2025

Vulnerabilities mentioned in this article:

CVE-2025-31324

CVE-2025-3248

Researcher Says Patched Commvault Bug Still Exploitable

Certain versions of Commvault Command Center remain open to attack via a recently disclosed maximum severity vulnerability, even in supposedly patched builds of the …

Published Date: May 06, 2025

Vulnerabilities mentioned in this article:

CVE-2025-34028