CVE-2025-64230 WordPress Filr plugin <= 1.2.10 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal. This issue affects Filr: from n/a through <= 1.2.10...
EUVD-2025-204072
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal. This issue affects Filr: from n/a through <= 1.2.10...
EUVD-2025-204248
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...
CVE-2025-13498 Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...
CVE-2025-14304
Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd., have a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory...
CVE-2025-14303
Certain motherboard models developed by MSI have a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are...
PT-2025-52173
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal. This issue affects Filr: from n/a through <= 1.2.10...
BullWall Server Intrusion Protection security vulnerability
BullWall Server Intrusion Protection is a server security software from the Danish company BullWall. A security vulnerability exists in BullWall Server Intrusion Protection versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4, which stems from a delayed MFA check and could lead to a privileged attacke...
PT-2025-51998
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions prior to 3.3.33. Description: The Download Manager plugin for WordPress is susceptible to unauthorized access of sensitive information. This is caused by missing authorization and capability checks ...
PT-2025-52342
Name of the Vulnerable Software and Affected Versions: BullWall versions 4.6.0.0 through 4.6.1.4. Description: BullWall Server Intrusion Protection services start after login services. An attacker who is already authenticated and has administrative privileges can log in following a system boot,...
EulerOS Virtualization 2.13.0 : EDK2 (EulerOS-SA-2025-2571)
According to the versions of the EDK2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access. Successful...
PT-2025-52341
Name of the Vulnerable Software and Affected Versions: BullWall Server Intrusion Protection versions 4.6.0.0 through 4.6.1.4. Description: BullWall Server Intrusion Protection exhibits a delay before Multi-Factor Authentication (MFA) is checked when connecting via Remote Desktop Protocol (RDP). A remote...
BullWall Ransomware Containment and Server Intrusion Protection multiple vulnerabilities
RISK EVALUATION: BullWall Ransomware Containment and Server Intrusion Protection are products used for ransomware containment. Multiple vulnerabilities were reported that, when used individually or in conjunction, could allow a remote attacker with valid credentials to log in to a system with...
EulerOS Virtualization 2.13.1 : EDK2 (EulerOS-SA-2025-2536)
According to the versions of the EDK2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access. Successful...
CVE-2025-68434
CVE-2025-68434 affects OpenSourcePOS 3.4.0–3.4.1, where CSRF protection was explicitly disabled in the global filters, allowing a logged-in administrator’s browser to be coerced into making state-changing POST requests and silently create a new Administrator account. The issue is fixed in 3.4.2 b...
CVE-2025-43514
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data...
Border Patrol Bets on Small Drones to Expand US Surveillance Reach
Federal records show CBP is moving from testing small drones to making them standard surveillance tools, expanding a network that can follow activity in real time and extend well beyond the border...
Inside a purchase order PDF phishing campaign
A PDF named "NEW Purchase Order 52177236.pdf" turned out to be a phishing lure. So we analyzed the phishing script behind it. A customer contacted me when Malwarebytes blocked the link inside a “purchase order” email they had received. (Image caption: Malwarebytes blocked this ionoscloud.com subdomain.) When I...
CVE-2025-14096
CVE-2025-14096 describes a vulnerability in multiple Radiometer products where an attacker with physical access to the analyzer can potentially extract credential information due to a weakness in the operating system’s credential protection. The issue is rooted in design weaknesses within the OS ...