Kai-Tools

Kai Tools 🚀 Kai Tools adalah suite keamanan dan intelijen...

wp_exploitation_framework

🚀 WordPress PWN Framework v5.0 - AI-Powered Edition !Python...

CVE-2025-49997 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.17 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17...

CVE-2025-5829

creationtimestamp| type| source ---|---|--- 2025-06-11 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-348/ 2025-06-25 18:51:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19515...

CVE-2025-3182 projectworlds Online Doctor Appointment Booking System getschedule.php sql injection

A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely...

CVE-2025-2737 PHPGurukul Old Age Home Management System contactus.php sql injection

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2025-29909

creationtimestamp| type| source ---|---|--- 2025-03-18 00:23:42+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114180582366575557...

CVE-2025-25582

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList method at /xml/OaNoticeMapper.xml...

CVE-2025-21717

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: add missing cputonode to kvzallocnode in mlx5eopenxdpredirectsq kvzallocnode is not doing a runtime check on the node argument allocpagesnodenoprof does have a VMBUGON, but it expands to nothing on !CONFIGDEBUGVM build...

CVE-2024-45717

creationtimestamp| type| source ---|---|--- 2024-12-04 07:10:04+00:00| seen| https://infosec.exchange/users/cve/statuses/113593300012479994 2024-12-04 07:13:22+00:00| seen| https://infosec.exchange/users/cve/statuses/113593312893006400 2024-12-04 09:13:30+00:00| seen| https://t.me/cvedetector/119...

Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities

The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by...

CVE-2020-36787

In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its reset control is coupled with eclk so the current clock enabling sequence works like below. Enable eclk De-assert Video Engine...

Is That Smart Home Technology Secure? Here’s How You Can Find Out.

As someone who likes the convenience of smart home Internet of Things IoT technology, I am regularly on the lookout for products that meet my expectations while also considering security and privacy concerns. Smart technology should never be treated differently than how we as consumers look at...

Ivanti patches second zero-day vulnerability being used in attacks

Ivanti has issued a patch to address a second critical zero-day vulnerability that is under active attack. The vulnerability is said to be used in combination with the first vulnerability we discussed some days ago. The Cybersecurity and Infrastructure Security Agency CISA has added the new...

Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild

The Cybersecurity and Infrastructure Security Agency CISA added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch FCEB agencies must remediate this...

Update now! ASUS fixes nine security flaws

ASUS has released firmware updates for several router models fixing two critical and several other security issues. The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8,...

CVE-2023-0074 WP Social Widget < 2.2.4 - Contributor+ Stored XSS

The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-45182

Pi-StarDVDash for Pi-Star DV before 5aa194d mishandles the module parameter...

Patch now! Netgear fixes serious smart switch vulnerabilities

In a security advisory, NetGear has announced it has fixed three vulnerabilities in firmware updates for several network devices. Most of the affected products are smart switches, some of them with cloud management capabilities that allow for configuring and monitoring them over the web. One of t...

Top Strategies That Define the Success of a Modern Vulnerability Management Program

The CVE database reported 18,325 vulnerabilities in 2020. To add to this, more than 40% of the vulnerabilities do not even have a CVE identifier assigned, and open vulnerabilities on organizations’ infrastructure are the most widely exploited pain points for malicious attacks – including...