
5241 matches found

Packet Storm News
added 2025/12/08 12:0 a.m., 4 views

Breaking ECDSA with Electromagnetic Side-Channel Attacks: Challenges and Practicality on Modern Smartphones

Smartphones handle sensitive tasks such as messaging and payment and may soon support critical electronic identification through initiatives such as the European Digital Identity (EUDI) wallet, currently under development. Yet the susceptibility of modern smartphones to physical side-channel analys...

AI score: 6.7
Exploits: 0

Patchstack
added 2025/12/07 5:9 a.m., 7 views

WordPress Generic Elements plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra in WordPress Plugin Generic Elements versions <= 1.2.9...

CVSS: 6.5, AI score: 5.2, EPSS: 0.00211
Exploits: 0, Affected Software: 1

The Hacker News
added 2025/12/04 5:25 p.m., 5 views

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloadin...

AI score: 7.3
Exploits: 0

EUVD
added 2025/12/03 9:31 p.m., 5 views

EUVD-2025-201088

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS: 6.3, AI score: 6.4, EPSS: 0.00696
Exploits: 0, References: 4

OSV
added 2025/12/03 7:15 p.m., 4 views

CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS: 5.3, AI score: 6.9
Exploits: 0, References: 14

NVD
added 2025/12/03 7:15 p.m., 8 views

CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS: 6.3, EPSS: 0.00696
Exploits: 0, References: 14

ATTACKERKB
added 2025/12/03 6:55 p.m., 6 views

CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS: 6.3, AI score: 6, EPSS: 0.00696
Exploits: 0, References: 15, Affected Software: 1

CNNVD
added 2025/12/03 12:0 a.m., 4 views

CPython Security Vulnerability

CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython that stems from an algorithmic complexity issue when constructing nested elements, which could lead to a usability impact when constructing excessively nested documents...

CVSS: 6.3, AI score: 6.2, EPSS: 0.00696
Exploits: 0, References: 4

OSV
added 2025/12/02 1:25 a.m., 3 views

GHSA-4FH9-H7WG-Q85M mdast-util-to-hast has unsanitized class attribute

Impact Multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. The following markdown: markdown jsxss Would create If your page then applied .xss classes or...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00251
Exploits: 0, References: 5

Github Security Blog
added 2025/12/02 1:20 a.m., 17 views

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

CVSS: 8.5, AI score: 7.1, EPSS: 0.00371
Exploits: 1, References: 6, Affected Software: 1

NVD
added 2025/12/01 11:15 p.m., 2 views

CVE-2025-66400

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This...

CVSS: 6.9, EPSS: 0.00251
Exploits: 0, References: 3

CVE
added 2025/12/01 10:17 p.m., 13 views

CVE-2025-66400

Summary: mdast-util-to-hast (an MD to HAST utility) is affected from versions 13.0.0 up to before 13.2.1. The issue arises when using character references to inject unprefixed classnames in Markdown sources, which can cause rendered user-supplied code elements to appear as part of the page. The p...

CVSS: 6.9, AI score: 6.6, EPSS: 0.00251
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/12/01 10:17 p.m., 3 views

CVE-2025-66400 mdast-util-to-hast unsanitized class attribute

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This...

CVSS: 6.9, AI score: 6.9, EPSS: 0.00251
Exploits: 0, References: 5

Positive Technologies
added 2025/12/01 12:0 a.m., 4 views

PT-2025-48573

Name of the Vulnerable Software and Affected Versions: mdast-util-to-hast versions 13.0.0 through 13.2.0. Description: mdast-util-to-hast, a utility used to transform markdown to HTML, has an issue where multiple, unprefixed classnames could be added to markdown source using character references. Th...

CVSS: 6.9, AI score: 5.5, EPSS: 0.00251
Exploits: 0, References: 14

EUVD
added 2025/11/27 3:31 p.m., 6 views

EUVD-2025-199824

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS: 7.2, AI score: 5, EPSS: 0.00265
Exploits: 0, References: 8

NVD
added 2025/11/27 2:15 p.m., 7 views

CVE-2025-13692

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS: 7.2, EPSS: 0.00265
Exploits: 0, References: 7

Cvelist
added 2025/11/27 1:53 p.m., 11 views

CVE-2025-13692 Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS: 7.2, EPSS: 0.00265
Exploits: 0, References: 7

CVE
added 2025/11/27 1:53 p.m., 22 views

CVE-2025-13692

CVE-2025-13692 affects the WordPress plugin family Unlimited Elements for Elementor (and Premium) up to version 2.0. It enables unauthenticated Stored Cross-Site Scripting via SVG file uploads caused by insufficient input sanitization and output escaping. Exploitation requires a form upload field...

CVSS: 7.2, AI score: 5.1, EPSS: 0.00265
Exploits: 0, References: 7

Vulnrichment
added 2025/11/27 1:53 p.m., 5 views

CVE-2025-13692 Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS: 7.2, AI score: 5.1, EPSS: 0.00265
Exploits: 0, References: 7

Patchstack
added 2025/11/27 11:39 a.m., 10 views

WordPress Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) plugin <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements for Elementor Premium versions <= 2.0...

CVSS: 7.2, AI score: 5.8, EPSS: 0.00265
Exploits: 0, References: 1, Affected Software: 1