WordPress plugin WP Directory Kit SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injectio...
CVE-2025-67505
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...
CVE-2025-66033
CVE-2025-66033 affects Okta Java Management SDK (versions 21.0.0–24.0.0). The issue involves improper thread cleanup in multithreaded use of the ApiClient, which can cause memory issues and, under sustained load, degrade performance and availability and may lead to a denial-of-service. Red Hat/Re...
CVE-2025-64893
DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user...
CVE-2025-67594
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through <= 1.3.3...
GhostFrame phishing kit fuels widespread attacks against millions
GhostFrame is a new phishing-as-a-service (PhaaS) kit, tracked since September 2025, that has already powered more than a million phishing attacks. Threat analysts spotted a series of phishing attacks featuring tools and techniques they hadn't seen before. A few months later, they had linked over a...
CVE-2025-2296
A flaw was found in EDK2 (EFI Development Kit 2). This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access. Mitigation: To reduce the risk by disabling direct-boot mode, ensuring a...
EUVD-2025-202353
Malicious code in database-mongoose-kit npm...
Malicious Package
Overview database-mongoose-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in database-mongoose-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df08b31cea7b04dc684cec25582ae2e1877edf126ed8b1963f77c87b4d93de08 The package database-mongoose-kit was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192398 Malicious code in database-mongoose-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df08b31cea7b04dc684cec25582ae2e1877edf126ed8b1963f77c87b4d93de08 The package database-mongoose-kit was found to contain malicious code. Source: ghsa-malware...
Okta Java Management SDK race condition vulnerability
Okta Java Management SDK is an open source Java development toolkit from Okta, Inc. A race condition vulnerability exists in Okta Java Management SDK versions 11.0.0 through 20.0.0, which arises from concurrent requests using the ApiClient class that may result in a race...
Malicious code in ctosec-appsec-wb-xray-adapter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33176e85f6e5dce44273ddbf5be45cf64ddd36db281b50a5868851a32fb19d0c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2025-64894
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction ...
CVE-2025-64783
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-64893 DNG SDK | Out-of-bounds Read (CWE-125)
DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user...
CVE-2025-64783
CVE-2025-64783 affects Adobe DNG SDK versions 1.7.0 and earlier, due to an Integer Overflow or Wraparound that could lead to arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Public material in connected sources describes proofs ...
EUVD-2025-202262
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-67594
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through <= 1.3.3...
CVE-2025-67594
CVE-2025-67594 references indicate an insecure direct object reference (IDOR) vulnerability in the WordPress plugin Thim Elementor Kit