Security

CVE ID : CVE-2025-47783

Published : May 14, 2025, 11:15 p.m. | 3 hours, 51 minutes ago

Description : Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attacks. The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. Version 1.18.0 contains a patch for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4579

Published : May 15, 2025, 2:15 a.m. | 52 minutes ago

Description : The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3917

Published : May 15, 2025, 4:16 a.m. | 36 minutes ago

Description : The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it…

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral…

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages,…

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and…

A man has been jailed in Ireland for two years after pleading guilty to offences related to his illegal online…

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application…

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical…

In episode 50 of The AI Fix, AI brings a slain man back from the dead so he can appear…

Australia is facing a troubling uptick in data breaches, with the country recording its highest number of reported incidents this…

Microsoft Patch Tuesday for May 2025 included five actively exploited zero days and another eight vulnerabilities judged to be at…

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained…

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice…

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set…

Cybersecurity researchers have discovered a new phishing campaign that’s being used to distribute malware called Horabot targeting Windows users in…

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released…

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to…

A new global phishing threat called “Meta Mirage” has been uncovered, targeting businesses using Meta’s Business Suite. This campaign specifically…