30 minutes to pwn town: Are speedy responses more important than backups for recovery?

2025-04-04 11:29

The industry’s approach to keeping quality backups may be masking the importance of other...

Troy Hunt Gets Phished

2025-04-04 11:02

In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has...

Have We Reached a Distroless Tipping Point?

2025-04-04 10:57

There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how...

Benchmarks Find ‘DeepSeek-V3-0324 Is More Vulnerable Than Qwen2.5-Max’

2025-04-04 08:37

While the latest iteration of Qwen2.5-Max outperforms DeepSeek-V3 on security, the AI model lags...

Alan Turing Institute: UK can't handle a fight against AI-enabled crims

2025-04-04 08:30

Law enforcement facing huge gap in 'AI adoption' The National Crime Agency (NCA) will...

Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option

2025-04-04 08:26

Microsoft is killing the Windows 11 bypass trick — soon, all setups will require internet and a...

North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds

2025-04-04 08:21

The attackers pose as legitimate remote IT workers, looking to both generate revenue and access...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Last 12 months #
Critical      2328
High          6948
Medium        10684
Low           410

Vulnerabilities by Vendor (Last 12 months)

Vendor        Last 12 months #
Linux         3100
Microsoft     550
Google        538
Adobe         515
Apple         494

Latest Vulnerabilities

  • CVE-2025-3184

    7.3

    A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file...

    network
    low complexity
    CWE-74
  • CVE-2025-3185

    7.3

    A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the file...

    network
    low complexity
    CWE-74
  • CVE-2025-3181

    7.3

    A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file...

    network
    low complexity
    CWE-74
  • CVE-2025-3182

    7.3

    A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The...

    network
    low complexity
    CWE-74
  • CVE-2025-3183

    7.3

    A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file...

    network
    low complexity
    CWE-74

Latest Critical Vulnerabilities

  • CVE-2025-2005

    9.8

    The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and...

    network
    low complexity
    CWE-434
    critical
  • CVE-2024-13553

    9.8

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the...

    network
    low complexity
    CWE-288
    critical
  • CVE-2025-2237

    9.8

    The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions...

    network
    low complexity
    CWE-269
    critical
  • CVE-2025-31084

    9.8

    Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.

    network
    low complexity
    CWE-502
    critical
  • CVE-2025-3011

    9.8

    SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

    network
    low complexity
    CWE-89
    critical
  • CVE-2025-2266

    9.8

    The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the...

    network
    low complexity
    CWE-862
    critical
  • CVE-2025-2294

    9.8

    The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubio_hybrid_theme_load_template function. This makes it...

    network
    low complexity
    CWE-22
    critical
  • CVE-2025-2332

    9.8

    The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input...

    network
    low complexity
    CWE-502
    critical