Boffins devise technique that lets users prove location without giving it away

2025-05-17 15:31

ZKLP system allows apps to confirm user presence in a region without exposing exactly where...

New 'Defendnot' tool tricks Windows into disabling Microsoft Defender

2025-05-17 14:09

A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by...

[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications

2025-05-17 04:07

Modern apps move fast—faster than most security teams can keep up. As businesses rush to build...

Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig

2025-05-16 23:32

Phony LinkedIn recruitment ads? Groundbreaking Chinese government snoops - hiding behind the...

#US
America’s consumer watchdog drops leash on proposed data broker crackdown

2025-05-16 22:47

Crooks must be licking their lips at the possibilities Uncle Sam's consumer watchdog has...

Friday Squid Blogging: Pet Squid Simulation

2025-05-16 21:05

From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The...

Microsoft confirms May Windows 10 updates trigger BitLocker recovery

2025-05-16 18:36

Microsoft has confirmed that some Windows 10 and Windows 10 Enterprise LTSC 2021 systems will...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Last 12 months #
Critical      2739
High          7604
Medium        11174
Low           439

Vulnerabilities by Vendor (Last 12 months)

Vendor        Last 12 months #
Linux         3140
Adobe         595
Microsoft     540
Google        515
Apple         492

Latest Vulnerabilities

  • CVE-2025-4726

    7.3

    A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation...

    network
    low complexity
    CWE-74
  • CVE-2025-4727

    3.7

    A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of...

    network
    high complexity
  • CVE-2025-4728

    7.3

    A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the...

    network
    low complexity
    CWE-74
  • CVE-2025-4722

    7.3

    A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the...

    network
    low complexity
    CWE-74
  • CVE-2025-4723

    7.3

    A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The...

    network
    low complexity
    CWE-74

Latest Critical Vulnerabilities

  • CVE-2025-4564

    9.8

    The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and...

    network
    low complexity
    CWE-22
    critical
  • CVE-2025-3917

    9.8

    The ????SEO??(????/??/Bing/????) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all...

    network
    low complexity
    CWE-434
    critical
  • CVE-2025-43559

    9.1

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current...

    network
    low complexity
    CWE-20
    critical
  • CVE-2025-43560

    9.1

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current...

    network
    low complexity
    CWE-20
    critical
  • CVE-2025-43561

    9.1

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user....

    network
    low complexity
    CWE-863
    critical
  • CVE-2025-43562

    9.1

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could...

    network
    low complexity
    CWE-78
    critical
  • CVE-2025-43563

    9.1

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this...

    network
    low complexity
    CWE-284
    critical
  • CVE-2025-43564

    9.1

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this...

    network
    low complexity
    CWE-863
    critical