February 2025

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

Endpoint Security / Vulnerability
Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR St …
Published Date: Feb 24, 2025 (2 hours, 45 minutes ago)
Vulnerabilities has […]


CVE-2025-22495 – “Network-M2 NTP Server Configuration Command Injection Vulnerability”

CVE ID: CVE-2025-22495
Published: Feb. 24, 2025, 5:15 p.m. | 52 minutes ago
Description: An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in


CVE-2025-26200 – SLIMS SQL Injection Privilege Escalation

CVE ID: CVE-2025-26200
Published: Feb. 24, 2025, 5:15 p.m. | 52 minutes ago
Description: SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component.
Severity: 7.2 | HIGH


CVE-2024-13728 – WordPress Accept Donations with PayPal & Stripe Reflected Cross-Site Scripting Vulnerability

CVE ID: CVE-2024-13728
Published: Feb. 23, 2025, 6:15 a.m. | 2 hours, 23 minutes ago
Description: The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes


CVE-2025-1577 – Blood Bank System Cross-Site Scripting Vulnerability

CVE ID: CVE-2025-1577
Published: Feb. 23, 2025, 7:15 a.m. | 1 hour, 23 minutes ago
Description: A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipulation of the argument message leads to cross site


CVE-2025-1578 – PHPGurukul Online Shopping Portal SQL Injection Vulnerability

CVE ID: CVE-2025-1578
Published: Feb. 23, 2025, 8:15 a.m. | 23 minutes ago
Description: A vulnerability, which was classified as critical, was found in PHPGurukul Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the argument product leads to SQL injection. It is possible to initiate


Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
The suspected Chinese sta …
Published Date: Feb 23, 2025 (49 minutes


CVE-2024-13900 – WordPress Head, Footer and Post Injections PHP Code Injection Vulnerability

CVE ID: CVE-2024-13900
Published: Feb. 21, 2025, 12:15 p.m. | 1 hour, 47 minutes ago
Description: The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP
