In what has been described as an “extremely sophisticated phishing attack,” threat actors have leveraged an uncommon approach that allowed…
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints,…
HPE Performance Cluster Manager Vulnerability Allow Remote Attacker to Bypass Authentication
A critical vulnerability in Hewlett Packard Enterprise's Performance Cluster Manager has been identified, enabling attackers to remotely bypass authentication safeguards.
The flaw, formally documented …
Published Date: Apr 22, 2025 (3 hours, 49 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-27086
Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation
A security flaw has been identified in the Windows Update Stack, exposing millions of Windows systems to the risk of unauthorized code execution and privilege escalation.
Tracked as CVE-2025-21204, th …
Published Date: Apr 22, 2025 (3 hours, 44 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-29824
CVE-2025-21204
Google’s email spoofed by cunning phisherfolk who re-used DKIM creds
Infosec In Brief: Email security outfit EasyDMARC recently spotted a phishing campaign that successfully spoofed Google with a sophisticated attack.
As explained in a technical breakdown, the attackers …
Published Date: Apr 22, 2025 (3 hours, 41 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-25234
CVE-2025-25230
CVE-2025-31201
CVE-2025-31200
CVE-2021-20035
Patching Vulnerabilities Faster Reduces Risks & Lower Cyber Risk Index
A significant correlation between vulnerability patching speed and reduced cybersecurity risks has emerged according to groundbreaking research released on March 25, 2025.
Organizations implementing r …
Published Date: Apr 22, 2025 (3 hours, 3 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE ID : CVE-2025-39471
Published : April 18, 2025, 5:15 a.m. | 4 days, 4 hours ago
Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pantherius Modal Survey. This issue affects Modal Survey: from n/a through 2.0.2.0.1.
Severity: 9.3 | CRITICAL
CVE ID : CVE-2025-46227
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-46228
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-46229
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Israpil Textmetrics allows Stored XSS. This issue affects Textmetrics: from n/a through 3.6.2.
Severity: 5.9 | MEDIUM
CVE ID : CVE-2025-46231
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3.
Severity: 5.4 | MEDIUM
CVE ID : CVE-2025-46232
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Missing Authorization vulnerability in alttextai Download Alt Text AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Alt Text AI: from n/a through 1.9.93.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-46233
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-46235
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 2.0.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-46236
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-46241
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
Severity: 8.2 | HIGH
CVE ID : CVE-2025-46238
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-46239
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-46240
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2.
Severity: 6.5 | MEDIUM
CVE ID : CVE-2025-46237
Published : April 22, 2025, 10:15 a.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yannick Lefebvre Link Library allows Stored XSS. This issue affects Link Library: from n/a through 7.8.
Severity: 6.5 | MEDIUM