Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

2025-04-05 15:50

A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for...

Coinbase to fix 2FA account activity entry freaking out users

2025-04-05 15:36

Coinbase is fixing an incorrect account activity message that freaks out customers and makes...

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

2025-04-05 14:23

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading...

WinRAR flaw bypasses Windows Mark of the Web security alerts

2025-04-05 14:14

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of...

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

2025-04-05 08:38

Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI)...

Friday Squid Blogging: Two-Man Giant Squid

2025-04-04 21:03

The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you...

Trump fires NSA boss, deputy

2025-04-04 19:26

Intelligence chief booted after less than two years on the job
President Trump today fired the...

Vulnerabilities by Risk level (Last 12 months)

Risk level   Count (last 12 months)
Critical     2337
High         6975
Medium       10717
Low          403

Vulnerabilities by Vendor (Last 12 months)

Vendor       Count (last 12 months)
Linux        3100
Microsoft    550
Google       538
Adobe        515
Apple        494

Latest Vulnerabilities

  • CVE-2025-3268

    5.3

    A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the...

    network
    low complexity
    CWE-287
  • CVE-2025-3265

    7.3

    A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-category.php. The...

    network
    low complexity
    CWE-74
  • CVE-2025-3266

    7.3

    A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/http_conn.cpp. The...

    network
    low complexity
    CWE-121
  • CVE-2025-3256

    6.3

    A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the...

    network
    low complexity
    CWE-266
  • CVE-2025-3257

    4.3

    A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery....

    network
    low complexity
    CWE-862

Latest Critical Vulnerabilities

  • CVE-2025-2798

    9.8

    The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration....

    network
    low complexity
    CWE-269
    critical
  • CVE-2025-2780

    9.8

    The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up...

    network
    low complexity
    CWE-434
    critical
  • CVE-2024-13645

    9.8

    The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated...

    network
    low complexity
    CWE-94
    critical
  • CVE-2025-2005

    9.8

    The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and...

    network
    low complexity
    CWE-434
    critical
  • CVE-2024-13553

    9.8

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the...

    network
    low complexity
    CWE-288
    critical
  • CVE-2025-2237

    9.8

    The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions...

    network
    low complexity
    CWE-269
    critical
  • CVE-2025-31084 - Deserialization of Untrusted Data vulnerability in Sunshinephotocart Sunshine Photo Cart

    9.8

    Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.

    network
    low complexity
    sunshinephotocart CWE-502
    critical
  • CVE-2025-3011

    9.8

    SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

    network
    low complexity
    CWE-89
    critical