2178 matches found
CVE-2025-57935 WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics bot-block-stop-spam-google-analytics-referrals allows Stored XSS. This issue affects Bot Block – Stop Spam Referrals in Google Analytic...
CVE-2025-57935
Technical details about CVE-2025-57935 are not provided in the supplied documents. No specific affected product version, root cause, impact, or fix is disclosed here. Monitor for official updates from vendors and security advisories.
CVE-2025-57935 WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ricky Dawn Bot Block Stop Spam Referrals in Google Analytics allows Stored XSS. This issue affects Bot Block Stop Spam Referrals in Google Analytics: from n/a through 2.6...
PT-2025-38785
Name of the Vulnerable Software and Affected Versions: Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics versions through 2.6. Description: The software contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting (XSS) issue. This...
WordPress plugin Bot Block – Stop Spam Referrals in Google Analytics Cross-Site Scripting Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blogs on PHP and MySQL based...
MAL-2025-191852 Malicious code in readosso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 67ade73536cb4834ba05b33797c1cadcddbf7d90fc099bd6e53f94b9deec4f66 Package automatically starts a Discord bot waiting for instructions to download and start a remote executable --- Category: MALICIOUS - The campaign has clearl...
Malicious code in readosso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 67ade73536cb4834ba05b33797c1cadcddbf7d90fc099bd6e53f94b9deec4f66 Package automatically starts a Discord bot waiting for instructions to download and start a remote executable --- Category: MALICIOUS - The campaign has clearl...
CVE-2023-53433
In the Linux kernel, the following vulnerability has been resolved: net: add vlan_get_protocol_and_depth helper. Before blamed commit, pskb_may_pull was used instead of skb_header_pointer in vlan_get_protocol and friends. Few callers depended on skb->head being populated with MAC header, syzbot caught one of...
CVE-2023-53420
In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr. Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x5...
The API Battleground: Why APIs are the new frontline—and how to stop the stealthiest attacks
APIs used to be the quiet backstage crew that made apps feel magical. Now attackers have learned the script — they walk onstage, deliver perfectly polite lines, and walk off with the props. In H1 2025 Imperva observed 40,000+ API incidents across 4,000+ monitored environments, including an...
CVE-2023-53312
In the Linux kernel, the following vulnerability has been resolved: net: fix net_dev_start_xmit trace event vs skb_transport_offset. After blamed commit, we must be more careful about using skb_transport_offset, as reminded us by syzbot: WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868...
teler-waf
This repository is an open-source Go HTTP middleware called teler-waf, which protects local web services from various threats, including OWASP Top 10 vulnerabilities, malicious actors, botnets, and brute force attacks. The repository contains a variety of files, including issue templates, pull...
CVE-2025-9111
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
Linux Distros Unpatched Vulnerability : CVE-2020-15251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass...
CVE-2025-55244
Azure Bot Service Elevation of Privilege Vulnerability...
Basecamp: Improper bot-authentication allows to impersonate any user when sending messages in a room
A vulnerability was discovered in the bot authentication mechanism. The issue allowed an unauthenticated user to impersonate any user and post messages in rooms the impersonated user had access to. The bot authentication function failed to properly validate the bot key, allowing a partial key to...
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. "The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating...
CVE-2025-55244 Azure Bot Service Elevation of Privilege Vulnerability
...