CVE Alert: CVE-2025-45150
Vulnerability Summary: CVE-2025-45150 Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying...
Vulnerability Summary: CVE-2025-51502 Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows...
Vulnerability Summary: CVE-2025-51504 Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage endpoint via the last...
Vulnerability Summary: CVE-2025-52390 Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By: kakorrhaphiophobia Link to Submitter's Profile: https://hackerone.com/kakorrhaphiophobia Report Title: Integer Overflow in schannelc TLS Data Transmission Report...
Ransomware Group: IMNCREW VICTIM NAME: Onegolditaliait NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
Vulnerability Summary: CVE-2023-32256 A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation...
Vulnerability Summary: CVE-2025-49832 Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including...
Vulnerability Summary: CVE-2025-45778 A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute...
Vulnerability Summary: CVE-2025-33118 IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability...
Vulnerability Summary: CVE-2025-2824 IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct...
Vulnerability Summary: CVE-2025-54595 Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper...
Vulnerability Summary: CVE-2025-54593 FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can...
Vulnerability Summary: CVE-2025-50869 A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input...
Vulnerability Summary: CVE-2025-50870 Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts...
Vulnerability Summary: CVE-2025-50868 A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is...
Ransomware Group: LYNX VICTIM NAME: wwwpefcocom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
Ransomware Group: RHYSIDA VICTIM NAME: Cookeville Regional Medical Center NOTE: No files or stolen information are by RedPacket Security. Any...
Ransomware Group: MEDUSA VICTIM NAME: White Coffee Corporation NOTE: No files or stolen information are by RedPacket Security. Any legal...
Ransomware Group: MEDUSA VICTIM NAME: Franklin Pierce Schools NOTE: No files or stolen information are by RedPacket Security. Any legal...
Vulnerability Summary: CVE-2025-54564 uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows...
Vulnerability Summary: CVE-2025-54574 Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to...
Vulnerability Summary: CVE-2025-6014 Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within...
Vulnerability Summary: CVE-2025-6011 A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to...