Ex-ASML, NXP staffer accused of stealing chip secrets, peddling them to Moscow

2025-04-04 06:36

We're not Putin up with this alleged industrial espionage, say the Dutch

A Russian national...

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

2025-04-04 06:07

Ivanti has disclosed details of a now-patched critical security vulnerability impacting its...

Retirement funds reportedly raided after unexplained portal probes and data theft

2025-04-04 05:48

Australians checking their pensions are melting down call centres and websites

Australian...

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft

2025-04-04 05:45

Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the...

Forward-thinking CISOs are shining a light on shadow IT

2025-04-04 05:30

In this Help Net Security interview, Curtis Simpson, CISO and Chief Advocacy Officer at Armis,...

Connected cars drive into a cybersecurity crisis

2025-04-04 05:15

Technology has entered all areas of life, and our cars are no exception. They have become...

Benefits from privacy investment are greater than the cost

2025-04-04 05:00

Cisco released its 2025 Data Privacy Benchmark Study. The report looks at global trends in data...

Vulnerabilities by Risk level (Last 12 months)

Risk level Last 12 months #
Critical 2328
High 6948
Medium 10684
Low 410

Vulnerabilities by Vendor (Last 12 months)

Vendor Last 12 months #
Linux 3100
Microsoft 550
Google 538
Adobe 515
Apple 494

Latest Vulnerabilities

  • CVE-2025-3184

    7.3

    A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file...

    network
    low complexity
    CWE-74
  • CVE-2025-3185

    7.3

    A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the file...

    network
    low complexity
    CWE-74
  • CVE-2025-3181

    7.3

    A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file...

    network
    low complexity
    CWE-74
  • CVE-2025-3182

    7.3

    A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The...

    network
    low complexity
    CWE-74
  • CVE-2025-3183

    7.3

    A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file...

    network
    low complexity
    CWE-74

Latest Critical Vulnerabilities

  • CVE-2025-2005

    9.8

    The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and...

    network
    low complexity
    CWE-434
    critical
  • CVE-2024-13553

    9.8

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the...

    network
    low complexity
    CWE-288
    critical
  • CVE-2025-2237

    9.8

    The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions...

    network
    low complexity
    CWE-269
    critical
  • CVE-2025-31084

    9.8

    Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.

    network
    low complexity
    CWE-502
    critical
  • CVE-2025-3011

    9.8

    SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

    network
    low complexity
    CWE-89
    critical
  • CVE-2025-2266

    9.8

    The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the...

    network
    low complexity
    CWE-862
    critical
  • CVE-2025-2294

    9.8

    The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubio_hybrid_theme_load_template function. This makes it...

    network
    low complexity
    CWE-22
    critical
  • CVE-2025-2332

    9.8

    The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input...

    network
    low complexity
    CWE-502
    critical