CVE-2025-0469 – Forminator Forms – WordPress Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2025-0469. Published: Feb. 27, 2025, 5:15 a.m. Description: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input […]
CVE-2024-13905 – OneStore Sites WordPress SSRF
CVE ID: CVE-2024-13905. Published: Feb. 27, 2025, 5:15 a.m. Description: The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations […]
CVE-2024-2321 – WSO2 Unauthorized API Access via Refresh Token
An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potentially enabling unauthorized operations. Exploitation requires an attacker to obtain a valid refresh […]
CVE-2024-13647 – SakolaWP WordPress Plugin Cross-Site Request Forgery (CSRF)
CVE ID: CVE-2024-13647. Published: Feb. 27, 2025, 5:15 a.m. Description: The School Management System – SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the ‘save_exam_setting’ and ‘delete_exam_setting’ actions. […]
23 Vulnerabilities in Black Basta’s Chat Logs Exploited in the Wild, Including PAN-OS, Cisco IOS, & Exchange
GreyNoise has confirmed active exploitation of 23 out of 62 vulnerabilities referenced in internal chat logs attributed to the Black Basta ransomware group. These vulnerabilities span enterprise softw … Published Date: Feb 27, 2025 (2 hours, 52 minutes […]
CVE-2025-21797 – Corsair Void Linux Kernel Use-After-Free Vulnerability
The following table lists the changes that have been made to the CVE-2025-21797 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Feb. 27, 2025 Action […]
CVE-2025-21795 – Linux Kernel NFS Server RPC Callback Hang Vulnerability
The following table lists the changes that have been made to the CVE-2025-21795 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Feb. 27, 2025 Action […]
CVE-2025-21794 – Thrustmaster HID Stack-Based Buffer Overflow
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Syzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from hid-thrustmaster driver. This array is passed to usb_check_int_endpoints function from usb.c core driver, which executes a for loop that iterates over the elements of the passed array. […]
CVE-2025-21793 – Linux Kernel SPI Division By Zero Vulnerability
The following table lists the changes that have been made to the CVE-2025-21793 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Feb. 27, 2025 Action […]
CVE-2025-21796 – Linux Kernel NFSd Use-After-Free Vulnerability
In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously. However, acl_access will still retain a pointer pointing to the released posix_acl, which will trigger a WARNING in nfs3svc_release_getacl like this: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. […]