CVE Alert: CVE-2025-48339
Vulnerability Summary: CVE-2025-48339 Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access...
Month: July 2025
CVE Alert: CVE-2025-49876
Vulnerability Summary: CVE-2025-49876 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows...
CVE Alert: CVE-2025-49884
Vulnerability Summary: CVE-2025-49884 Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents allows Exploiting Incorrectly Configured Access Control Security...
CVE Alert: CVE-2025-50028
Vulnerability Summary: CVE-2025-50028 Missing Authorization vulnerability in CodeSolz Ultimate Push Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This...
CVE Alert: CVE-2025-49888
Vulnerability Summary: CVE-2025-49888 Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! allows Exploiting Incorrectly Configured Access Control Security Levels....
CVE Alert: CVE-2025-52714
Vulnerability Summary: CVE-2025-52714 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler allows...
CVE Alert: CVE-2025-52787
Vulnerability Summary: CVE-2025-52787 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EZiHosting Tennis Court Bookings allows...
CVE Alert: CVE-2025-52804
Vulnerability Summary: CVE-2025-52804 Missing Authorization vulnerability in uxper Nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects...
CVE Alert: CVE-2025-52836
Vulnerability Summary: CVE-2025-52836 Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Privilege Escalation. This...
CVE Alert: CVE-2025-52803
Vulnerability Summary: CVE-2025-52803 Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects...
CVE Alert: CVE-2025-52819
Vulnerability Summary: CVE-2025-52819 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos...
HackerOne Bug Bounty Disclosure: reflected-xss-in-manage-tags-notes-field-rishail
Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Reflected XSS in "Manage Tags" Notes FieldReport...
HackerOne Bug Bounty Disclosure: account-takeover-of-existing-hackerone-accounts-through-scim-provisioning-boy-child
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:boy_child_Link to Submitters Profile:https://hackerone.com/boy_child_ Report Title:Account takeover of existing HackerOne accounts through...
HackerOne Bug Bounty Disclosure: reflected-xss-in-cost-tracker-notes-field-rishail
Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Reflected XSS in "Cost Tracker" Notes FieldReport...
HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-xss-in-add-contact-name-field-mainwp-plugin-rishail
Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Stored Cross-Site Scripting (XSS) in "Add Contact"...
HackerOne Bug Bounty Disclosure: reflected-xss-in-create-category-functionality-of-post-creation-module-rishail
Company Name: MainWP Company HackerOne URL: https://hackerone.com/mainwp Submitted By:rishail01Link to Submitters Profile:https://hackerone.com/rishail01 Report Title:Reflected XSS in "Create Category" Functionality of...
[QILIN] – Ransomware Victim: KEP Credit Union KEP
Ransomware Group: QILIN VICTIM NAME: KEP Credit Union KEP NOTE: No files or stolen information are by RedPacket Security. Any...
[AKIRA] – Ransomware Victim: Sib-Tryck Holding
Ransomware Group: AKIRA VICTIM NAME: Sib-Tryck Holding NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
[AKIRA] – Ransomware Victim: Fayrefield Foods
Ransomware Group: AKIRA VICTIM NAME: Fayrefield Foods NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
[AKIRA] – Ransomware Victim: Multilift Logistic Group
Ransomware Group: AKIRA VICTIM NAME: Multilift Logistic Group NOTE: No files or stolen information are by RedPacket Security. Any legal...
CVE Alert: CVE-2025-3871
Vulnerability Summary: CVE-2025-3871 Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial...
CVE Alert: CVE-2025-40923
Vulnerability Summary: CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a...
CVE Alert: CVE-2025-40919
Vulnerability Summary: CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated...
CVE Alert: CVE-2025-52786
Vulnerability Summary: CVE-2025-52786 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kingdom Creation Media Folder allows...
