Aggregator

A vulnerability, which was classified as problematic, has been found in Easy Textillate Plugin up to 2.01 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-2303. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in Plus Addons for Elementor Plugin up to 5.4.1 on WordPress. Impacted is an unknown function of the component Clients Widget. The manipulation results in file inclusion. This vulnerability was named CVE-2024-2203. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability marked as problematic has been reported in Master Addons for Elementor Plugin up to 2.0.5.6 on WordPress. The affected element is an unknown function of the component Pricing Table Widget. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2024-2139. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in Plus Addons for Elementor Plugin up to 5.4.1 on WordPress. The impacted element is an unknown function of the component Team Member Listing. Such manipulation leads to file inclusion. This vulnerability is referenced as CVE-2024-2210. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability classified as problematic was found in Elementor Website Builder Plugin up to 3.20.1 on WordPress. This affects an unknown part of the component Post Navigation. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2120. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Simple Ajax Chat Plugin up to 20231101 on WordPress. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2024-2956. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Networker Plugin up to 1.1.9 on WordPress. It has been declared as critical. This affects an unknown function. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2024-2962. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Meta Tag Manager Plugin up to 3.0.2 on WordPress. Affected is an unknown function. This manipulation causes code injection. This vulnerability is handled as CVE-2024-1770. The attack can be initiated remotely. There is not any exploit available.

A vulnerability has been found in Elementor Addon Elements Plugin up to 1.13.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2024-2091. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Events Manager Plugin up to 6.4.7.1 on WordPress and classified as problematic. This affects an unknown part. Executing a manipulation can lead to cross-site request forgery. The identification of this vulnerability is CVE-2024-2110. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Events Manager Plugin up to 6.4.7.1 on WordPress. It has been classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2024-2111. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in Otter Blocks Plugin up to 2.6.5 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2024-2841. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Media Library Assistant Plugin up to 3.13 on WordPress. It has been classified as problematic. This affects the function mla_gallery of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2475. The attack is possible to be carried out remotely. No exploit exists.

Web server administrators must prioritize updating their infrastructure, as Nginx 1.29.8 and the parallel FreeNginx project have officially released critical updates. Released on April 7, 2026, these new versions introduce essential security features, enhanced cryptographic compatibility, and crucial bug fixes designed to ensure robust server performance and defend against modern cyber threats. FreeNginx, the fork […]

The post Nginx 1.29.8 and FreeNginx Released With Critical Security Updates appeared first on Cyber Security News.

Security researchers warn of Mirax, an emerging Android banking trojan using MaaS, remote access and residential proxies to target European users

We’re introducing cf, a new unified CLI designed for consistency across the Cloudflare platform, alongside Local Explorer for debugging local data. These tools simplify how developers and AI agents interact with our nearly 3,000 API operations.

A critical vulnerability was disclosed in Marimo, an open-source reactive Python notebook platform. Less than 10 hours later, attackers successfully weaponized the flaw to steal sensitive cloud credentials, highlighting the extreme speed of modern threat actors. The security flaw is formally tracked as CVE-2026-39987 (formerly GHSA-2679-6mx9-h9xc) and carries a Critical CVSS v4.0 score of 9.3. […]

The post Marimo RCE Vulnerability Exploited in the Within 10 Hours of Disclosure appeared first on Cyber Security News.

Больше никакой игры в «дочки-матери».

The cybersecurity community is on high alert after the disclosure of a critical security flaw in Axios, a widely used promise-based HTTP client for Node.js and browsers. Security researcher Jason Saayman recently disclosed an unrestricted vulnerability that allows exfiltration of cloud metadata. This dangerous flaw enables attackers to execute remote code or compromise the entire cloud […]

The post Critical Axios Vulnerability Allows Remote Code Execution – PoC Released appeared first on Cyber Security News.