Security

CVE ID : CVE-2025-43753

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.

Severity: 2.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service…

In a world where digital infrastructures run global empires, even the biggest names in the fast-food industry aren’t immune to…

A massive cybercrime operation tied to one of the internet’s most powerful DDoS-for-hire botnets, Rapper Bot, has been brought down,…

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart…

Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means…

The Hong Kong Computer Emergency Response Team Coordination Center issued an alert regarding a remote code execution flaw in Google…

Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into…

A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in…

The Warlock ransomware has hit a number of organisations including government agencies and departments, and most recently UK-based telecoms firm…

Do you know how many AI agents are running inside your business right now? If the answer is “not sure,”…

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to…

Qilin has been the top ransomware group in recent months, so it’s not surprising that the group has apparently attracted…

In episode 431 of the “Smashing Security” podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut…

CVE ID : CVE-2011-10027

Published : Aug. 20, 2025, 4:15 p.m. | 8 hours, 35 minutes ago

Description : AOL Desktop 9.6 contains a buffer overflow vulnerability in its Toolrich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2011-10028

Published : Aug. 20, 2025, 4:15 p.m. | 8 hours, 35 minutes ago

Description : The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim’s Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks’ platform, GameHouse.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2011-10029

Published : Aug. 20, 2025, 4:15 p.m. | 8 hours, 35 minutes ago

Description : Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2011-10030

Published : Aug. 20, 2025, 4:15 p.m. | 8 hours, 35 minutes ago

Description : Foxit PDF Reader
Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2012-10061

Published : Aug. 20, 2025, 4:15 p.m. | 8 hours, 35 minutes ago

Description : Sockso Music Host Server versions
Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55732

Published : Aug. 20, 2025, 4:15 p.m. | 8 hours, 35 minutes ago

Description : Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-52895. This vulnerability is fixed in 15.74.2 and 14.96.15.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…