Security

Cisco warns of critical vulnerabilities in Cisco ISE and Cisco ISE-PIC

Cisco warns of multiple critical vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerabilities allow malicious actors to …

Published Date:
Jul 18, 2025 (4 hours, 10 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-20337

CVE-2025-20282

CVE-2025-20281

Kaspersky discovers advanced backdoor in Exchange systems

Kaspersky's “GReAT” (Global Research & Analysis Team) security team has discovered an advanced multifunctional backdoor named “GhostContainer”. It is custom-made malware that …

Published Date:
Jul 18, 2025 (2 hours, 50 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2020-0688

Hackers Launch 11.5 Million Attacks on CitrixBleed 2-Compromising Over 100 Organizations

A massive wave of exploitation is targeting the critical CitrixBleed 2 vulnerability (CVE-2025-5777), with over 11.5 million attack attempts recorded since its disclosure in June.
The campaign has succes …

Published Date:
Jul 18, 2025 (2 hours, 45 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-5777

Lenovo Protection Driver Vulnerability Let Attackers Escalate Privilege and Execute Arbitrary Code

A buffer overflow vulnerability in Lenovo Protection Driver could allow local attackers with elevated privileges to execute arbitrary code on affected systems.
The vulnerability, designated as CVE-202 …

Published Date:
Jul 18, 2025 (2 hours, 15 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-4657

Ubiquiti UniFi Devices Vulnerability Allows Attackers to Inject Malicious Commands

A critical security vulnerability affecting multiple Ubiquiti UniFi Access devices could allow attackers to execute malicious commands remotely.
The vulnerability, tracked as CVE-2025-27212, stems fro …

Published Date:
Jul 18, 2025 (1 hour, 47 minutes ago)

Vulnerabilities have been mentioned in this article.

Sophos Intercept X for Windows Vulnerabilities Enable Arbitrary Code Execution

Three critical vulnerabilities in the Sophos Intercept X for Windows product family could allow local attackers to achieve arbitrary code execution with system-level privileges.
Identified as CVE-2024 …

Published Date:
Jul 18, 2025 (1 hour, 8 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-7433

CVE-2025-7472

CVE-2024-13972

Threat Actors Exploiting Ivanti Connect Secure Vulnerabilities to Deploy Cobalt Strike Beacon

A sophisticated malware campaign targeting Ivanti Connect Secure VPN devices has been actively exploiting critical vulnerabilities CVE-2025-0282 and CVE-2025-22457 since December 2024.
The ongoing att …

Published Date:
Jul 18, 2025 (1 hour, 7 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-22457

CVE-2025-0282

CVE ID : CVE-2025-6222

Published : July 18, 2025, 6:15 a.m. | 3 hours, 59 minutes ago

Description : The WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘ced_rnx_order_exchange_attach_files’ function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6718

Published : July 18, 2025, 6:15 a.m. | 4 hours, 42 minutes ago

Description : The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands.

Severity: 8.8 | HIGH


CVE ID : CVE-2025-6719

Published : July 18, 2025, 6:15 a.m. | 4 hours, 42 minutes ago

Description : The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 4.4 | MEDIUM


CVE ID : CVE-2025-6726

Published : July 18, 2025, 6:15 a.m. | 4 hours, 42 minutes ago

Description : The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the classic_gallery_slider_options() function in all versions up to, and including, 1.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post meta for arbitrary posts.

Severity: 4.3 | MEDIUM


CVE ID : CVE-2025-6717

Published : July 18, 2025, 6:15 a.m. | 4 hours, 42 minutes ago

Description : The B1.lt plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2025-7643

Published : July 18, 2025, 6:15 a.m. | 3 hours, 59 minutes ago

Description : The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 9.1 | CRITICAL


CVE ID : CVE-2025-7438

Published : July 18, 2025, 7:15 a.m. | 3 hours, 42 minutes ago

Description : The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘install_and_activate_plugin’ function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The vulnerability is difficult to exploit due to timing requirements and environmental factors.

Severity: 7.5 | HIGH


CVE ID : CVE-2025-7772

Published : July 18, 2025, 7:15 a.m. | 3 hours, 42 minutes ago

Description : The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Severity: 6.5 | MEDIUM
