Security

CVE ID : CVE-2025-7729

Published : July 17, 2025, 2:15 a.m. | 47 minutes ago

Description : A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Jul 16, 2025Ravie LakshmananBrowser Security / Zero-Day
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wil …
Read more

Published Date:
Jul 16, 2025 (18 hours, 6 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6558

CVE-2025-3648

CVE-2025-6554

CVE-2025-5419

CVE-2025-4664

CVE-2025-2783

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat …
Read more

Published Date:
Jul 16, 2025 (10 hours, 26 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32819

CVE-2024-38475

CVE-2023-44221

CVE-2021-20039

CVE-2021-20035

Google finds custom backdoor being installed on SonicWall network devices

Researchers from the Google Threat Intelligence Group said that hackers are compromising SonicWall Secure Mobile Access (SMA) appliances, which sit at the edge of enterprise networks and manage and se …
Read more

Published Date:
Jul 16, 2025 (6 hours, 49 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32819

CVE-2024-38475

CVE-2021-20039

CVE-2021-20038

CVE-2021-20035

Europe’s cyberlaw enforcers just dealt a blow to the pro‑Russian hacktivist group NoName057(16), notorious for orchestrating DDoS attacks on NATO-aligned…

Police have struck a blow against the DiskStation ransomware gang which targets Synology NAS devices, and arresting its suspected ringleader.…

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to…

CVE ID : CVE-2025-7673

Published : July 16, 2025, 7:15 a.m. | 10 hours, 59 minutes ago

Description : A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54010

Published : July 16, 2025, 11:15 a.m. | 6 hours, 59 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a through 10.50.

Severity: 9.6 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-24759

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CMSJunkie – WordPress Business Directory Plugins WP-BusinessDirectory allows Blind SQL Injection. This issue affects WP-BusinessDirectory: from n/a through 3.1.3.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54026

Published : July 16, 2025, 11:15 a.m. | 6 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in QuanticaLabs GymBase Theme Classes allows SQL Injection. This issue affects GymBase Theme Classes: from n/a through 1.4.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-24777

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-24779

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-28959

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Md Yeasin Ul Haider URL Shortener allows SQL Injection. This issue affects URL Shortener: from n/a through 3.0.7.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-28961

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-30949

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegram: from n/a through 1.0.4.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-28965

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through 3.0.7.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-28982

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-30936

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-29009

Published : July 16, 2025, 12:15 p.m. | 5 hours, 59 minutes ago

Description : Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through 1.2.3.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…