Development

New DOGE Big Balls Ransomware Using Open-Source Tools & Custom Scripts to Infect Victim Machines

Cybersecurity researchers have identified a sophisticated new ransomware variant called “DOGE Big Balls,” which appears to be a modified version of the existing Fog ransomware family.
The malware, pro …
Read more

Published Date:
May 08, 2025 (1 hour, 28 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-26168

CVE-2024-44236

CVE-2015-2291

CVE ID : CVE-2025-2806

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3468

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3506

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3862

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4208

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func(). This makes it possible for authenticated attackers, with Custom-level access, to execute arbitrary PHP functions that meet specific constraints (static methods or global functions accepting a single array parameter).

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-6648

Published : May 8, 2025, 1:15 p.m. | 2 hours, 21 minutes ago

Description : Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the ‘product_item_path’ within the ‘config’ JSON file, allowing them to read any file on the system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47729

Published : May 8, 2025, 2:15 p.m. | 1 hour, 22 minutes ago

Description : The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage “End-to-End encryption from the mobile phone through to the corporate archive” documentation, as exploited in the wild in May 2025.

Severity: 1.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47730

Published : May 8, 2025, 2:15 p.m. | 1 hour, 22 minutes ago

Description : The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45818

Published : May 8, 2025, 3:15 p.m. | 21 minutes ago

Description : Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45820

Published : May 8, 2025, 3:15 p.m. | 21 minutes ago

Description : Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-45819

Published : May 8, 2025, 3:15 p.m. | 21 minutes ago

Description : Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4207

Published : May 8, 2025, 3:15 p.m. | 21 minutes ago

Description : Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

When you’re building a website, you’ll want it to be responsive, fast, and efficient. This means making sure the site…

It is said that there are two different worlds in TypeScript that exist side by side: the type world and…

Building modern full-stack applications requires a strong grasp of various interconnected technologies. And what better way to learn than by…

Part 1: You’ve taken your last breath. The world you knew begins to recede, the familiar sensations fading like a…

Another year, another viral deepfake of Katy Perry at the Met Gala and once again, she wasn’t even there. Photos…

China has unveiled the world’s first fully AI-powered hospital, marking a radical shift in the future of healthcare. Developed by…

Comments Source: Read More