
3916 matches found

Vulnrichment
added 2025/08/05 6:39 a.m., 3 views

CVE-2025-7050 Use-your-Drive | Google Drive plugin for WordPress <= 3.3.1 - Unauthenticated Stored Cross-Site Scripting via File Metadata

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2 CVSS, 6.4 AI score, 0.00255 EPSS
Exploits: 0, References: 2
CVE
added 2025/08/05 6:39 a.m., 24 views

CVE-2025-7050

CVE-2025-7050 affects Use-your-Drive | Google Drive plugin for WordPress (versions

7.2 CVSS, 6 AI score, 0.00255 EPSS
Exploits: 0, References: 2
Zero Day Initiative
added 2025/08/05 12:0 a.m., 10 views

(0Day) Google Drive ZIP File Mark-of-the-Web Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Google Drive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

8.8 CVSS, 7.2 AI score
Exploits: 0
CNNVD
added 2025/08/05 12:0 a.m., 2 views

WordPress plugin Use-your-Drive | Google Drive Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

7.2 CVSS, 4.1 AI score, 0.00255 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/08/05 12:0 a.m., 6 views

PT-2025-31907 · WordPress · Use-Your-Drive | Google Drive

Name of the Vulnerable Software and Affected Versions: Use-your-Drive | Google Drive plugin for WordPress versions prior to 3.3.2 Description: The Use-your-Drive | Google Drive plugin for WordPress is susceptible to Stored Cross-Site Scripting via the title parameter in file metadata. Insufficien...

7.2 CVSS, 6.3 AI score, 0.00255 EPSS
Exploits: 0, References: 8
Zero Day Initiative
added 2025/08/05 12:0 a.m., 8 views

(0Day) Google Drive File Sharing Mark-of-the-Web Bypass Vulnerability

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Google Drive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

8.8 CVSS, 7.2 AI score
Exploits: 0
Tenable Nessus
added 2025/08/05 12:0 a.m., 11 views

Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A vulnerability has been identified in Node.js, specifically...

5.6 CVSS, 6.2 AI score, 0.01404 EPSS
Exploits: 1, References: 2
Packet Storm News
added 2025/07/28 12:0 a.m., 1 view

Development and Analysis of a Secured VoIP System for Surveillance Activities

Since the 1990s, the telephone has been the primary mode of communication. However, Voice over Internet Protocol (VoIP), which is a highly straightforward and affordable form of data transfer, is now becoming an important part of daily communication. VoIP is the technology that makes it possible to...

6.6 AI score
Exploits: 0
OSV
added 2025/07/24 3:47 p.m., 1 view

MAL-2025-6283 Malicious code in drive-sdk (npm)

The package communicates with a domain associated with malicious activity...

7.1 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/07/24 3:47 p.m., 4 views

Malicious code in drive-sdk (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/07/14 10:30 p.m., 4 views

Malicious code in ringcentral-google-drive-notification-add-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afbe2fb4071ec030a6a51319f5f0b9d45664bf8caba681cfac58bb60bd001cf0 The OpenSSF Package Analysis project identified 'ringcentral-google-drive-notification-add-in' @ 2.2.2 npm as malicious. It is considered...

7.1 AI score
Exploits: 0
OSV
added 2025/07/14 10:30 p.m., 2 views

MAL-2025-5849 Malicious code in ringcentral-google-drive-notification-add-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afbe2fb4071ec030a6a51319f5f0b9d45664bf8caba681cfac58bb60bd001cf0 The OpenSSF Package Analysis project identified 'ringcentral-google-drive-notification-add-in' @ 2.2.2 npm as malicious. It is considered...

7.3 AI score
Exploits: 0
OSV
added 2025/07/10 9:15 a.m., 1 view

DEBIAN-CVE-2025-38336

In the Linux kernel, the following vulnerability has been resolved: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard hang the system when doing ATAPI DMAs without any trace of what happened. Depending on the device attached, it can also...

5.5 CVSS, 5.5 AI score, 0.00162 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/07/09 10:22 a.m., 5 views

CVE-2025-3705

A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command 'OS Command Injection' when loading a config file from a USB drive...

6.8 CVSS, 6.5 AI score, 0.0078 EPSS
Exploits: 0, References: 1
Trellix
added 2025/07/08 12:0 a.m., 5 views

From Click to Compromise: Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities

From Click to Compromise: Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities By Aniket Choukde, Aparna Aripirala, Alisha Kadam, Akhil Reddy, Pham Duy Phuc and Alex Lanstein · July 8, 2025 Introduction The DoNot APT group, also identified by various...

7.3 AI score
Exploits: 0
NVD
added 2025/07/07 10:15 a.m., 6 views

CVE-2025-3705

A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command 'OS Command Injection' when loading a config file from a USB drive...

6.8 CVSS, 0.0078 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/07/07 9:20 a.m., 4 views

CVE-2025-3705 OS Command Injection via USB Config Load

A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command 'OS Command Injection' when loading a config file from a USB drive...

6.8 CVSS, 6.5 AI score, 0.0078 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/07/07 12:0 a.m., 4 views

PT-2025-28144 · Frauscher · Fds-Snmp101 +2

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command when loading a config file from a...

6.8 CVSS, 6.2 AI score, 0.0078 EPSS
Exploits: 0, References: 7
RedhatCVE
added 2025/07/05 12:4 p.m., 10 views

CVE-2025-27460

The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker ca...

7.6 CVSS, 6.1 AI score, 0.00105 EPSS
Exploits: 0, References: 1
NVD
added 2025/07/03 12:15 p.m., 4 views

CVE-2025-27460

The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker ca...

7.6 CVSS, 0.00105 EPSS
Exploits: 0, References: 6