12 matches found
Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad,…
WordPress Friends plugin <= 3.5.1 - Authenticated (Admin+) PHP Object Injection vulnerability
Authenticated Admin+ PHP Object Injection vulnerability discovered by Pham Nguyen Khoa in WordPress Plugin Friends versions <= 3.5.1...
WordPress GB Forms DB plugin <= 1.0.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by CVEhunter in WordPress Plugin GB Forms DB versions <= 1.0.2...
WordPress Diza Theme <= 1.3.8 is vulnerable to Local File Inclusion
Software: Diza; Type: Theme; Vulnerable versions: <= 1.3.8; Fixed in: 1.3.9; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-49261; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 245a89f54fc7; Credits: Phat RiO - BlueRock; Required privilege...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software: Photography; Type: Theme; Vulnerable versions: <= 7.5.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: N/A; Patch priority: High; CVSS severity: High 8.5; Developer: EPC; PSID: 070158f14a77; Credits: Rafie Muhammad Patchstack; Required privilege: Subscriber; Published 22...
Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities
Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities CVE-2025-4427, CVE-2025-4428 that enable pre-authenticated remote…
Patch Tuesday, May 2025 Edition
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesse...
WordPress Testimonial Slider and Showcase Pro plugin <= 2.1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Testimonial Slider And Showcase Pro versions <= 2.1.7...
WordPress Grip Theme <= 1.0.9 is vulnerable to Local File Inclusion
Software: Grip; Type: Theme; Vulnerable versions: <= 1.0.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26735; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: b5e4d6f7b083; Credits: tahu.datar; Required privilege: Unauthenticated; Publishe...
WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by theviper17 in WordPress Plugin Solace Extra versions <= 1.3.1...
Backdoor in XZ Utils allows RCE: everything you need to know
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently...
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
Over the past few weeks, five different vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one of which is unpatched, and four of which are being actively and widely exploited in the wild by well-organized threat actors. We urge organizations who use Zimbra to patch ...