Friday, May 23, 2025

CVE/vulnerability

WordPress Plugin Vulnerability Opens Door to SQL Injection Exploits

A critical vulnerability in the popular WordPress plugin GamiPress has been uncovered, leaving users exposed to unauthenticated SQL injection attacks. The issue, assigned the identifier...

WordPress Plugin Flaw Exposes 200,000+ Sites at Risk of Code Execution

A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909,...

Critical Next.js Middleware Vulnerability Allows Attackers to Bypass Authorization

A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927. This critical flaw allows...

Hackers Actively Exploit Apache Tomcat Servers via CVE-2025-24813 – Patch Now

A concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813. This vulnerability allows attackers to potentially...

Veeam RCE Vulnerability Allows Domain Users to Hack Backup Servers

Researchers uncovered critical Remote Code Execution (RCE) vulnerabilities in the Veeam Backup & Replication solution. These vulnerabilities, which include CVE-2025-23120, exploit weaknesses in deserialization mechanisms,...

Tomcat RCE Vulnerability Exploited in the Wild – Mitigation Steps Outlined

A recent vulnerability in Apache Tomcat, identified as CVE-2025-24813, has sparked concerns among cybersecurity professionals due to its potential for exploitation in unauthenticated remote...

CISA Issues Five Advisories on Industrial Control System Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories related to vulnerabilities and exploits affecting Industrial Control Systems (ICS). These advisories highlight significant...

Cisco Smart Licensing Utility Vulnerabilities Under Hacker Exploitation

Recent reports indicate that hackers are actively trying to exploit two critical vulnerabilities in the Cisco Smart Licensing Utility. These vulnerabilities, identified as CVE-2024-20439 and...