Handala
You must login to view this content
Aggregator
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
9 months 2 weeks ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing
The Hacker News
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
9 months 2 weeks ago
美国网络安全机构CISA新增三个安全漏洞至已知被利用漏洞目录,涉及AMI MegaRAC、D-Link DIR-859路由器和FortiOS系统,评分分别为10.0、5.3和4.2。
CVE-2024-50555 | Elementor Website Builder Plugin up to 3.29.0 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability was found in Elementor Website Builder Plugin up to 3.29.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-50555. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-23973 | SpecFit-Virtual Try On Woocommerce Plugin up to 7.0.5 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability was found in SpecFit-Virtual Try On Woocommerce Plugin up to 7.0.5 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-23973. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-6212 | Ultra Addons for Contact Form 7 Plugin up to 3.5.11/3.5.19 on WordPress Database Module ajax_get_table_data cross site scripting
9 months 2 weeks ago
A vulnerability was found in Ultra Addons for Contact Form 7 Plugin up to 3.5.11/3.5.19 on WordPress. It has been classified as problematic. This affects the function ajax_get_table_data of the component Database Module. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-6212. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-5842 | Modern Design Library Plugin up to 1.1.4 on WordPress Class cross site scripting
9 months 2 weeks ago
A vulnerability was found in Modern Design Library Plugin up to 1.1.4 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Class leads to cross site scripting.
This vulnerability is handled as CVE-2025-5842. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-5338 | WProyal Royal Elementor Addons Plugin up to 1.7.1024 on WordPress Widget cross site scripting
9 months 2 weeks ago
A vulnerability has been found in WProyal Royal Elementor Addons Plugin up to 1.7.1024 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Widget. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-5338. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-49423 | Bulk YouTube Post Creator Plugin up to 1.0 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Bulk YouTube Post Creator Plugin up to 1.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-49423. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-30972 | Woocommerce Line Notify Plugin up to 1.1.7 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Woocommerce Line Notify Plugin up to 1.1.7 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-30972. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-47654 | FormLift for Infusionsoft Web Forms Plugin up to 7.5.20 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability classified as problematic has been found in FormLift for Infusionsoft Web Forms Plugin up to 7.5.20 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-47654. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-47574 | School Management Plugin up to 92.0.0 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability classified as problematic was found in School Management Plugin up to 92.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-47574. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-39478 | Smart Notification Plugin up to 10.3 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability was found in Smart Notification Plugin up to 10.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2025-39478. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-25173 | FastBook Plugin up to 1.1 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability was found in FastBook Plugin up to 1.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-25173. The attack can be launched remotely. There is no exploit available.
vuldb.com
Trend Micro Scam Radar analyzes different communications methods used by scammers
9 months 2 weeks ago
Trend Micro launched Scam Radar, a new feature within the Trend Micro ScamCheck app. Scam Radar offers real-time protection by identifying scam tactics utilized by cybercriminals as they happen, alerting users early and empowering them to take action before any harm is done. A recent study by Trend Micro found that 30% of consumers reported having been a victim of an online scam and 39% of victims did not even realize they had been scammed … More →
The post Trend Micro Scam Radar analyzes different communications methods used by scammers appeared first on Help Net Security.
Industry News
Sitecore内容管理系统漏洞链始于在设置硬编码密码时的疏漏
9 months 2 weeks ago
当前网络环境出现异常问题,需完成验证操作后方可继续访问。
嘶吼安全产业研究院 | 2025中国网络安全「能源行业」优秀解决方案汇编
9 months 2 weeks ago
当前环境异常,请完成验证以继续访问。
Sitecore内容管理系统漏洞链始于在设置硬编码密码时的疏漏
9 months 2 weeks ago
Sitecore被部署在数千个环境中,包括银行、航空公司和全球企业,影响广泛。
嘶吼安全产业研究院 | 2025中国网络安全「能源行业」优秀解决方案汇编
9 months 2 weeks ago
能源行业正经历一场前所未有的安全变革。随着“双碳”目标推进,风电、光伏等新能源并网规模激增,电力物联网、油气管网智能化改造加速,传统封闭隔离的安全防护模式正被彻底打破。面对高级持续性威胁(APT)、勒索软件等新型攻击手段的严峻挑战,能源行业正加速构建以主动防御、AI智能监测、韧性保障为核心的新型安全体系,通过零信任架构等创新技术手段,打造更高效、更可靠的网络安全防护能力。
嘶吼安全产业研究院基于《2025网络安全产业图谱》调研,通过对400+典型解决方案与案例的深度分析,从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。
调研分析发现,当前能源行业的安全建设正从基础防护向“业务安全与生产安全并重”转变。过去能源行业主要关注工控系统的基础隔离与合规要求,如今更强调攻击溯源、实时监测、生产业务零中断等高阶能力。此外,托管式安全运营服务正助力中小能源企业实现专业化、集约化的安全防护。
基于这些发现,我们将重点展示几个具有代表性的能源行业优秀安全解决方案,为能源行业的安全建设提供可借鉴的实践经验。
PS:解决方案展示排名不分先后,按企业简称首字母排序。
往期回顾:
2025中国网络安全「政务行业」优秀解决方案汇编
2025中国网络安全「金融行业」优秀解决方案汇编
Building cyber resilience in always-on industrial environments
9 months 2 weeks ago
In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also shares practical strategies for working with third-party partners and preparing for the next wave of automation. What unique cybersecurity challenges arise from smart warehouse systems and industrial control systems? Smart warehouses incorporate a … More →
The post Building cyber resilience in always-on industrial environments appeared first on Help Net Security.
Mirko Zorz