Month: May 2025

CVE Alert: CVE-2025-4179

May 4, 2025

Vulnerability Summary: CVE-2025-4179 The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capability...

CVE Alert: CVE-2024-13322

May 4, 2025

Vulnerability Summary: CVE-2024-13322 The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection...

CVE Alert: CVE-2025-4131

May 4, 2025

Vulnerability Summary: CVE-2025-4131 The GmapsMania plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gmap shortcode in...

CVE Alert: CVE-2024-13419

May 4, 2025

Vulnerability Summary: CVE-2024-13419 Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to...

CVE Alert: CVE-2024-12023

May 4, 2025

Vulnerability Summary: CVE-2024-12023 The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in...

CVE Alert: CVE-2024-13418

May 4, 2025

Vulnerability Summary: CVE-2024-13418 Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability...

CVE Alert: CVE-2024-13420

May 3, 2025

Vulnerability Summary: CVE-2024-13420 Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check...

CVE Alert: CVE-2025-1326

May 3, 2025

Vulnerability Summary: CVE-2025-1326 The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability...

CVE Alert: CVE-2025-3510

May 3, 2025

Vulnerability Summary: CVE-2025-3510 The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all...

CVE Alert: CVE-2025-1327

May 3, 2025

Vulnerability Summary: CVE-2025-1327 The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to,...

CVE Alert: CVE-2024-13344

May 3, 2025

Vulnerability Summary: CVE-2024-13344 The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the...

CVE Alert: CVE-2025-3708

May 3, 2025

Vulnerability Summary: CVE-2025-3708 Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to...

CVE Alert: CVE-2025-3858

May 3, 2025

Vulnerability Summary: CVE-2025-3858 The Formality plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all...

CVE Alert: CVE-2025-3709

May 3, 2025

Vulnerability Summary: CVE-2025-3709 Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this...

CVE Alert: CVE-2025-3748

May 3, 2025

Vulnerability Summary: CVE-2025-3748 The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pn_chain_menu...

CVE Alert: CVE-2025-3707

May 3, 2025

Vulnerability Summary: CVE-2025-3707 The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to...

[HELLCAT] – Ransomware Victim: www

May 3, 2025

Ransomware Group: HELLCAT VICTIM NAME: www NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...

HackerOne Bug Bounty Disclosure: -names-nsf-and-all-names-files-route-to-public-api-on-rubygems-org-jagat-singh

May 3, 2025

Company Name: RubyGems Company HackerOne URL: https://hackerone.com/rubygems Submitted By:jagat-singhLink to Submitters Profile:https://hackerone.com/jagat-singh Report Title:`/namesnsf` and all `/names*` files route to...

[MONTI] – Ransomware Victim: American Eagle Logistics

May 3, 2025

Ransomware Group: MONTI VICTIM NAME: American Eagle Logistics NOTE: No files or stolen information are by RedPacket Security. Any legal...

CVE Alert: CVE-2025-3488

May 3, 2025

Vulnerability Summary: CVE-2025-3488 The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpml_language_switcher shortcode in...

CVE Alert: CVE-2025-3438

May 3, 2025

Vulnerability Summary: CVE-2025-3438 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is...

CVE Alert: CVE-2025-3513

May 3, 2025

Vulnerability Summary: CVE-2025-3513 The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which...

CVE Alert: CVE-2025-47201

May 3, 2025

Vulnerability Summary: CVE-2025-47201 In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the execution of unrequested JavaScript code...

CVE Alert: CVE-2025-3514

May 3, 2025

Vulnerability Summary: CVE-2025-3514 The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which...

Month: May 2025

CVE Alert: CVE-2025-4179

CVE Alert: CVE-2024-13322

CVE Alert: CVE-2025-4131

CVE Alert: CVE-2024-13419

CVE Alert: CVE-2024-12023

CVE Alert: CVE-2024-13418

CVE Alert: CVE-2024-13420

CVE Alert: CVE-2025-1326

CVE Alert: CVE-2025-3510

CVE Alert: CVE-2025-1327

CVE Alert: CVE-2024-13344

CVE Alert: CVE-2025-3708

CVE Alert: CVE-2025-3858

CVE Alert: CVE-2025-3709

CVE Alert: CVE-2025-3748

CVE Alert: CVE-2025-3707

[HELLCAT] – Ransomware Victim: www

HackerOne Bug Bounty Disclosure: -names-nsf-and-all-names-files-route-to-public-api-on-rubygems-org-jagat-singh

[MONTI] – Ransomware Victim: American Eagle Logistics

CVE Alert: CVE-2025-3488

CVE Alert: CVE-2025-3438

CVE Alert: CVE-2025-3513

CVE Alert: CVE-2025-47201

CVE Alert: CVE-2025-3514

[INTERLOCK] – Ransomware Victim: In’Tech Industries

[ARKANA] – Ransomware Victim: Ticketmaster

Cobalt Strike Beacon Detected – 8[.]140[.]239[.]162:81

Cobalt Strike Beacon Detected – 62[.]234[.]185[.]105:80

Cobalt Strike Beacon Detected – 8[.]138[.]252[.]191:8081

You may have missed