CVE Alert: CVE-2025-28916
Vulnerability Summary: CVE-2025-28916 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound...
CVE Alert: CVE-2025-28917
Vulnerability Summary: CVE-2025-28917 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Smilies allows Stored...
CVE Alert: CVE-2025-28899
Vulnerability Summary: CVE-2025-28899 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Event Ticketing allows...
CVE Alert: CVE-2025-28911
Vulnerability Summary: CVE-2025-28911 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF allows...
CVE Alert: CVE-2025-28903
Vulnerability Summary: CVE-2025-28903 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Driving Directions allows Reflected...
CVE Alert: CVE-2025-28934
Vulnerability Summary: CVE-2025-28934 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Post Series allows...
CVE Alert: CVE-2025-28939
Vulnerability Summary: CVE-2025-28939 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WP Google...
CVE Alert: CVE-2025-28898
Vulnerability Summary: CVE-2025-28898 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WP Multistore...
CVE Alert: CVE-2025-28935
Vulnerability Summary: CVE-2025-28935 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Fancybox Plus allows Reflected...
CVE Alert: CVE-2025-28928
Vulnerability Summary: CVE-2025-28928 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google...
HackerOne Bug Bounty Disclosure: http-response-header-injection-in-shopify-pitchfork-rack-ooooooo-q
Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:HTTP Response Header Injection in shopify/pitchfork +...
HackerOne Bug Bounty Disclosure: cloudflare-waf-bypass-origin-ip-exposure-aaravhex
Company Name: Hemi VDP Company HackerOne URL: https://hackerone.com/hemi_labs_vdp Submitted By:aaravhexLink to Submitters Profile:https://hackerone.com/aaravhex Report Title:Cloudflare WAF Bypass - Origin IP...
CVE Alert: CVE-2025-30524
Vulnerability Summary: CVE-2025-30524 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog...
CVE Alert: CVE-2025-28924
Vulnerability Summary: CVE-2025-28924 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ZenphotoPress allows Reflected XSS....
CVE Alert: CVE-2025-28942
Vulnerability Summary: CVE-2025-28942 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust...
CVE Alert: CVE-2025-2819
Vulnerability Summary: CVE-2025-2819 There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient...
CVE Alert: CVE-2025-2820
Vulnerability Summary: CVE-2025-2820 An authenticated attacker can compromise the availability of the device via the network Affected Endpoints: No affected...
CVE Alert: CVE-2025-27405
Vulnerability Summary: CVE-2025-27405 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in...
CVE Alert: CVE-2025-27406
Vulnerability Summary: CVE-2025-27406 Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework...
CVE Alert: CVE-2025-30225
Vulnerability Summary: CVE-2025-30225 Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting...
CVE Alert: CVE-2025-2825
Vulnerability Summary: CVE-2025-2825 CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result...
CVE Alert: CVE-2025-2783
Vulnerability Summary: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed...
Cobalt Strike Beacon Detected – 120[.]48[.]84[.]23:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 196[.]251[.]118[.]9:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
