cybernews

fuite de donnée enregistrée

Latest News

CVE-2025-6350 - WordPress WP VR 360 Panorama Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6350
Published : June 28, 2025, 4:15 a.m. | 40 minutes ago
Description : The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’ parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 04:15:00 GMT

CVE-2025-6379 - BeeTeam368 Extensions Pro for WordPress Directory Traversal Vulnerability

CVE ID : CVE-2025-6379
Published : June 28, 2025, 4:15 a.m. | 40 minutes ago
Description : The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 04:15:00 GMT

CVE-2025-6381 - BeeTeam368 Extensions plugin for WordPress Directory Traversal Vulnerability

CVE ID : CVE-2025-6381
Published : June 28, 2025, 4:15 a.m. | 40 minutes ago
Description : The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 04:15:00 GMT

CVE-2025-53380 - Apache Struts Deserialization Vulnerability

CVE ID : CVE-2025-53380
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2025-53381 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-53381
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2025-53382 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-53382
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2025-53383 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-53383
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2025-53384 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-53384
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2025-53385 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-53385
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2025-53386 - FTC's Online Payment Processing System Authentication Bypass

CVE ID : CVE-2025-53386
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2025-53387 - Apache Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-53387
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2025-53388 - Apache HTTP Server SQL Injection

CVE ID : CVE-2025-53388
Published : June 28, 2025, 3:15 a.m. | 1 hour, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 03:15:00 GMT

CVE-2024-39730 - IBM Datacap Navigator Click Hijacking Vulnerability

CVE ID : CVE-2024-39730
Published : June 28, 2025, 1:15 a.m. | 3 hours, 1 minute ago
Description : IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 01:15:00 GMT

CVE-2024-52900 - IBM Cognos Analytics Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-52900
Published : June 28, 2025, 1:15 a.m. | 3 hours, 1 minute ago
Description : IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 01:15:00 GMT

CVE-2025-36026 - IBM Datacap Insecure Cookie Handling Vulnerability

CVE ID : CVE-2025-36026
Published : June 28, 2025, 1:15 a.m. | 3 hours, 1 minute ago
Description : IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 01:15:00 GMT

CVE-2025-36027 - IBM Datacap Clickjacking Vulnerability

CVE ID : CVE-2025-36027
Published : June 28, 2025, 1:15 a.m. | 3 hours, 1 minute ago
Description : IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 28 Jun 2025 01:15:00 GMT

CVE-2024-36347 - AMD CPU ROM Microcode Signature Verification Bypass (Validation Bypass)

CVE ID : CVE-2024-36347
Published : June 27, 2025, 11:15 p.m. | 5 hours, 1 minute ago
Description : Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 23:15:00 GMT

CVE-2025-53097 - Roo Code Schema Fetching File Read and Write Vulnerability

CVE ID : CVE-2025-53097
Published : June 27, 2025, 10:15 p.m. | 6 hours, 1 minute ago
Description : Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent could potentially read a sensitive file and then write the information to a JSON schema. Users have the option to disable schema fetching in VS Code, but the feature is enabled by default. For users with this feature enabled, writing to the schema would trigger a network request without the user having a chance to deny. This issue is of moderate severity, since it requires the attacker to already be able to submit prompts to the agent. Version 3.20.3 fixed the issue where `search_files` did not respect the setting to limit it to the workspace. This reduces the scope of the damage if an attacker is able to take control of the agent through prompt injection or another vector.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 22:15:00 GMT

CVE-2025-53098 - Roo Code MCP Configuration Command Injection Vulnerability

CVE ID : CVE-2025-53098
Published : June 27, 2025, 10:15 p.m. | 6 hours, 1 minute ago
Description : Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would have been possible for an attacker with access to craft a prompt to ask the agent to write a malicious command to the MCP configuration file. If the user had opted-in to auto-approving file writes within the project, this would have led to arbitrary command execution. This issue is of moderate severity, since it requires the attacker to already be able to submit prompts to the agent (for instance through a prompt injection attack), for the user to have MCP enabled (on by default), and for the user to have enabled auto-approved file writes (off by default). Version 3.20.3 fixes the issue by adding an additional layer of opt-in configuration for auto-approving writing to Roo's configuration files, including all files within the `.roo/` folder.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 22:15:00 GMT

CVE-2025-6777 - Food Distributor Site SQL Injection Vulnerability

CVE ID : CVE-2025-6777
Published : June 27, 2025, 9:15 p.m. | 7 hours, 1 minute ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 21:15:00 GMT

CVE-2025-6778 - Food Distributor Site Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6778
Published : June 27, 2025, 9:15 p.m. | 7 hours, 1 minute ago
Description : A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/save_settings.php. The manipulation of the argument site_phone/site_email/address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 21:15:00 GMT

CVE-2025-53094 - ESPAsyncWebServer CRLF Injection Vulnerability

CVE ID : CVE-2025-53094
Published : June 27, 2025, 8:15 p.m. | 8 hours, 1 minute ago
Description : ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within `AsyncWebHeader.cpp`. Unsanitized input allows attackers to inject CR (`\r`) or LF (`\n`) characters into header names or values, leading to arbitrary header or response manipulation. Manipulation of HTTP headers and responses can enable a wide range of attacks, making the severity of this vulnerability high. A fix is available at pull request 211 and is expected to be part of version 3.7.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 20:15:00 GMT

CVE-2025-6774 - Gooaclok819 SublinkX Path Traversal Vulnerability

CVE ID : CVE-2025-6774
Published : June 27, 2025, 8:15 p.m. | 8 hours, 1 minute ago
Description : A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go. The manipulation of the argument filename leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9 is able to address this issue. The patch is identified as 778d26aef723daa58df98c8060c43f5bf5d1b10b. It is recommended to upgrade the affected component.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 20:15:00 GMT

CVE-2025-6775 - Xiaoyunjie OpenVPN-CMS-Flask Command Injection Vulnerability

CVE ID : CVE-2025-6775
Published : June 27, 2025, 8:15 p.m. | 8 hours, 1 minute ago
Description : A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 20:15:00 GMT

CVE-2025-6776 - Xiaoyunjie OpenVPN-CMS-Flask Remote Path Traversal

CVE ID : CVE-2025-6776
Published : June 27, 2025, 8:15 p.m. | 8 hours, 1 minute ago
Description : A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The name of the patch is e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 20:15:00 GMT

CVE-2025-6772 - Eosphoros-AI Db-GPT Path Traversal Vulnerability

CVE ID : CVE-2025-6772
Published : June 27, 2025, 7:15 p.m. | 9 hours, 1 minute ago
Description : A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 19:15:00 GMT

CVE-2025-6773 - HKUDS LightRAG Path Traversal Vulnerability

CVE ID : CVE-2025-6773
Published : June 27, 2025, 7:15 p.m. | 9 hours, 1 minute ago
Description : A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal. It is possible to launch the attack on the local host. The identifier of the patch is 60777d535b719631680bcf5d0969bdef79ca4eaf. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 19:15:00 GMT

CVE-2025-6522 - Sight Bulb Pro Root Shell Command Injection Vulnerability

CVE ID : CVE-2025-6522
Published : June 27, 2025, 6:15 p.m. | 10 hours ago
Description : Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 18:15:00 GMT

CVE-2025-53093 - TabberNeue Cross-Site Scripting (XSS)

CVE ID : CVE-2025-53093
Published : June 27, 2025, 6:15 p.m. | 8 hours ago
Description : TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `` tag. Version 3.1.1 contains a patch for the bug.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 18:15:00 GMT

CVE-2025-5310 - Dover Fueling Solutions ProGauge MagLink LX Consoles Unauthenticated Remote Code Execution

CVE ID : CVE-2025-5310
Published : June 27, 2025, 6:15 p.m. | 8 hours ago
Description : Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 18:15:00 GMT

CVE-2024-12364 - Mavi Yeşil Software Guest Tracking Software SQL Injection Vulnerability

CVE ID : CVE-2024-12364
Published : June 27, 2025, 5:15 p.m. | 9 hours ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection.This issue affects . NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2025-44557 - Cypress PSoC4 BLE State Machine Transition Vulnerability

CVE ID : CVE-2025-44557
Published : June 27, 2025, 5:15 p.m. | 9 hours ago
Description : A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2025-44559 - Realtek RTL8762E BLE DoS Vulnerability

CVE ID : CVE-2025-44559
Published : June 27, 2025, 5:15 p.m. | 9 hours ago
Description : An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2025-46707 - VMware ESXi Firmware Privilege Escalation

CVE ID : CVE-2025-46707
Published : June 27, 2025, 5:15 p.m. | 9 hours ago
Description : Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2025-46708 - VMware ESXi GPU Resource Hijacking

CVE ID : CVE-2025-46708
Published : June 27, 2025, 5:15 p.m. | 9 hours ago
Description : Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2025-52207 - MikoPBX PHP File Upload Vulnerability

CVE ID : CVE-2025-52207
Published : June 27, 2025, 5:15 p.m. | 9 hours ago
Description : PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2025-6521 - Sight Bulb Pro Cleartext AES Encryption Key Exfiltration

CVE ID : CVE-2025-6521
Published : June 27, 2025, 5:15 p.m. | 9 hours ago
Description : During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro which may include sensitive information such as network credentials.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2024-12143 - Mobilteg Mobile Informatics Mikro Hand Terminal SQL Injection

CVE ID : CVE-2024-12143
Published : June 27, 2025, 5:15 p.m. | 6 hours, 58 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection.This issue affects . NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2024-12150 - Eron Software Wowwo CRM SQL Injection

CVE ID : CVE-2024-12150
Published : June 27, 2025, 5:15 p.m. | 6 hours, 58 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.This issue affects . NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 17:15:00 GMT

CVE-2025-50369 - PHPGurukul Medical Card Generation System CSRF Vulnerability

CVE ID : CVE-2025-50369
Published : June 27, 2025, 4:15 p.m. | 7 hours, 58 minutes ago
Description : A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 16:15:00 GMT

CVE-2025-50370 - Phpgurukul Medical Card Generation System CSRF Vulnerability

CVE ID : CVE-2025-50370
Published : June 27, 2025, 4:15 p.m. | 7 hours, 58 minutes ago
Description : A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 16:15:00 GMT

CVE-2024-11739 - Case Informatics Case ERP SQL Injection

CVE ID : CVE-2024-11739
Published : June 27, 2025, 4:15 p.m. | 5 hours, 57 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection.This issue affects Case ERP: before V2.0.1.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 16:15:00 GMT

CVE-2025-50367 - PhpGurukul Medical Card Generation System Stored Blind XSS

CVE ID : CVE-2025-50367
Published : June 27, 2025, 4:15 p.m. | 5 hours, 57 minutes ago
Description : A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 16:15:00 GMT

CVE-2025-6705 - Microsoft Azure DevOps Open-VSX Unauthorized Build Script Execution Vulnerability

CVE ID : CVE-2025-6705
Published : June 27, 2025, 3:15 p.m. | 6 hours, 57 minutes ago
Description : On open-vsx.org https://open-vsx.org/ it was possible to run an arbitrary build scripts for auto-published extensions because of missing sandboxing of CI job runs. An attacker who had access to an existing extension could take over the service account of the marketplace. The issue has been fixed on June 24th, 2025 and the vulnerable code present in the publish-extension code repository.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 15:15:00 GMT

CVE-2023-38007 - IBM Cloud Pak System HTML Injection Vulnerability

CVE ID : CVE-2023-38007
Published : June 27, 2025, 3:15 p.m. | 4 hours, 52 minutes ago
Description : IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 15:15:00 GMT

CVE-2025-52553 - Authentik RAC Token Session Hijacking Vulnerability

CVE ID : CVE-2025-52553
Published : June 27, 2025, 3:15 p.m. | 4 hours, 52 minutes ago
Description : authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, however this check is missing in versions prior to 2025.6.3 and 2025.4.3. When, for example, using RAC during a screenshare, a malicious user could access the same session by copying the URL from the shown browser. authentik 2025.4.3 and 2025.6.3 fix this issue. As a workaround, it is recommended to decrease the duration a token is valid for (in the RAC Provider settings, set Connection expiry to `minutes=5` for example). The maintainers of authentik also recommend enabling the option Delete authorization on disconnect.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 15:15:00 GMT

CVE-2025-53091 - WeGIA Time-Based Blind SQL Injection

CVE ID : CVE-2025-53091
Published : June 27, 2025, 3:15 p.m. | 4 hours, 52 minutes ago
Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the `/controle/getProdutosPorAlmox.php` endpoint. This issue allows any unauthenticated attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. Version 3.4.0 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 15:15:00 GMT

CVE-2025-53338 - Re.place CSRF Stored XSS

CVE ID : CVE-2025-53338
Published : June 27, 2025, 2:15 p.m. | 5 hours, 52 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53339 - Devnex Addons For Elementor PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-53339
Published : June 27, 2025, 2:15 p.m. | 5 hours, 52 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor allows PHP Local File Inclusion. This issue affects Devnex Addons For Elementor: from n/a through 1.0.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-6768 - "Sfturing Hosp_Order SQL Injection Vulnerability"

CVE ID : CVE-2025-6768
Published : June 27, 2025, 2:15 p.m. | 5 hours, 52 minutes ago
Description : A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53332 - Ethoseo Track Everything CSRF Stored XSS

CVE ID : CVE-2025-53332
Published : June 27, 2025, 2:15 p.m. | 4 hours, 39 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything allows Stored XSS. This issue affects Track Everything: from n/a through 2.0.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53336 - Abditsori My Resume Builder Stored Cross-Site Scripting

CVE ID : CVE-2025-53336
Published : June 27, 2025, 2:15 p.m. | 4 hours, 39 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abditsori My Resume Builder allows Stored XSS. This issue affects My Resume Builder: from n/a through 1.0.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53327 - Aioseo Multibyte Descriptions CSRF

CVE ID : CVE-2025-53327
Published : June 27, 2025, 2:15 p.m. | 3 hours, 35 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53329 - Szajenw Społecznościowa CSRF Stored XSS

CVE ID : CVE-2025-53329
Published : June 27, 2025, 2:15 p.m. | 3 hours, 35 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 allows Stored XSS. This issue affects Społecznościowa 6 PL 2013: from n/a through 2.0.6.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53331 - Samcharrington RSS Digest CSRF Stored XSS

CVE ID : CVE-2025-53331
Published : June 27, 2025, 2:15 p.m. | 3 hours, 35 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53310 - Funnnny HidePost CSRF Reflected XSS

CVE ID : CVE-2025-53310
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost allows Reflected XSS. This issue affects HidePost: from n/a through 2.3.8.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53311 - Navayan Subscribe CSRF Stored XSS

CVE ID : CVE-2025-53311
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe allows Stored XSS. This issue affects Navayan Subscribe: from n/a through 1.13.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53312 - OnionBuzz Looks Awesome CSRF Stored XSS

CVE ID : CVE-2025-53312
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz allows Stored XSS. This issue affects OnionBuzz: from n/a through 1.0.7.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53313 - Twitch TV Embed Suite CSRF Stored XSS

CVE ID : CVE-2025-53313
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53314 - Sh1zen WP Optimizer CSRF-Enabled SQL Injection

CVE ID : CVE-2025-53314
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This issue affects WP Optimizer: from n/a through 2.3.6.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53315 - Alanft Relocate Upload CSRF Stored XSS

CVE ID : CVE-2025-53315
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53317 - AcmeeDesign WPShapere Lite CSRF Stored XSS

CVE ID : CVE-2025-53317
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere Lite allows Stored XSS. This issue affects WPShapere Lite: from n/a through 1.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53318 - WPManiax WP DB Booster Missing Authorization Vulnerability

CVE ID : CVE-2025-53318
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53320 - Wp Enhanced Free Downloads EDD Cross-site Scripting

CVE ID : CVE-2025-53320
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a through 1.0.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53321 - Raise The Money Cross-Site Scripting

CVE ID : CVE-2025-53321
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raise The Money Raise The Money allows DOM-Based XSS. This issue affects Raise The Money: from n/a through 5.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53322 - ZealousWeb Contact Form 7 Information Disclosure Vulnerability

CVE ID : CVE-2025-53322
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Authorize.NET Payments Using Contact Form 7 allows Retrieve Embedded Sensitive Data. This issue affects Accept Authorize.NET Payments Using Contact Form 7: from n/a through 2.5.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53323 - Danbriapps Pre-Publish Post Checklist Missing Authorization

CVE ID : CVE-2025-53323
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pre-Publish Post Checklist: from n/a through 3.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53325 - Dilip Kumar Beauty Contact Popup Form Stored Cross-site Scripting Vulnerability

CVE ID : CVE-2025-53325
Published : June 27, 2025, 2:15 p.m. | 1 hour, 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dilip kumar Beauty Contact Popup Form allows Stored XSS. This issue affects Beauty Contact Popup Form: from n/a through 6.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53305 - Lucidcrew WP Forum Server CSRF Stored XSS

CVE ID : CVE-2025-53305
Published : June 27, 2025, 2:15 p.m. | 23 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server allows Stored XSS. This issue affects WP Forum Server: from n/a through 1.8.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53306 - Lucidcrew WP Forum Server SQL Injection

CVE ID : CVE-2025-53306
Published : June 27, 2025, 2:15 p.m. | 23 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lucidcrew WP Forum Server allows SQL Injection. This issue affects WP Forum Server: from n/a through 1.8.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53308 - Gopi_plus Image Slider Stored XSS CSRF

CVE ID : CVE-2025-53308
Published : June 27, 2025, 2:15 p.m. | 23 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description allows Stored XSS. This issue affects Image Slider With Description: from n/a through 9.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-53309 - ZealousWeb Contact Form 7 Information Disclosure

CVE ID : CVE-2025-53309
Published : June 27, 2025, 2:15 p.m. | 23 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Stripe Payments Using Contact Form 7 allows Retrieve Embedded Sensitive Data. This issue affects Accept Stripe Payments Using Contact Form 7: from n/a through 3.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 14:15:00 GMT

CVE-2025-40910 - Apache Net::IP::LPM Leading Zero IP Address Bypass Vulnerability

CVE ID : CVE-2025-40910
Published : June 27, 2025, 1:15 p.m. | 36 minutes ago
Description : Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 13:15:00 GMT

CVE-2025-53018 - Lychee Server-Side Request Forgery (SSRF) Vulnerability

CVE ID : CVE-2025-53018
Published : June 27, 2025, 1:15 p.m. | 36 minutes ago
Description : Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in the `/api/v2/Photo::fromUrl` endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any URL they choose. Consequently, internal network resources—such as localhost services or cloud-provider metadata endpoints—become reachable. The endpoint takes a URL from the user and calls it server-side via fopen() without any safeguards. There is no IP address validation, nor are there any allow-list, timeout, or size restrictions. Because of this, attackers can point the application at internal targets. Using this flaw, an attacker can perform internal port scans or retrieve sensitive cloud metadata. Version 6.6.13 contains a patch for the issue.
Severity: 3.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 13:15:00 GMT

CVE-2025-6766 - Apache sfturing SQL Injection Vulnerability

CVE ID : CVE-2025-6766
Published : June 27, 2025, 1:15 p.m. | 36 minutes ago
Description : A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation of the argument officesName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 13:15:00 GMT

CVE-2025-6767 - Oracle SFTuring SQL Injection Vulnerability

CVE ID : CVE-2025-6767
Published : June 27, 2025, 1:15 p.m. | 36 minutes ago
Description : A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 13:15:00 GMT

CVE-2025-52774 - Infility Global Cross-site Scripting

CVE ID : CVE-2025-52774
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.12.7.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52778 - Michel xili-dictionary Cross-site Scripting

CVE ID : CVE-2025-52778
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through 2.12.5.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52799 - Designthemes LMS Cross-site Scripting (XSS)

CVE ID : CVE-2025-52799
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52808 - RealtyElite PHP RFI Vulnerability

CVE ID : CVE-2025-52808
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite allows PHP Local File Inclusion. This issue affects RealtyElite: from n/a through 1.0.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52809 - John Russell National Weather Service Alerts PHP Local File Inclusion

CVE ID : CVE-2025-52809
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts allows PHP Local File Inclusion. This issue affects National Weather Service Alerts: from n/a through 1.3.5.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52810 - TMRW-studio Katerio Magazine Path Traversal PHP Local File Inclusion Vulnerability

CVE ID : CVE-2025-52810
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52811 - Creanncy Davenport Path Traversal PHP Local File Inclusion Vulnerability

CVE ID : CVE-2025-52811
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through 1.3.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52812 - ApusWP Domnoo PHP Local File Inclusion Vulnerability

CVE ID : CVE-2025-52812
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo allows PHP Local File Inclusion. This issue affects Domnoo: from n/a through 1.49.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52814 - Ovatheme BRW PHP RFI Vulnerability

CVE ID : CVE-2025-52814
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW allows PHP Local File Inclusion. This issue affects BRW: from n/a through 1.7.9.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52815 - AncoraThemes CityGov PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-52815
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov allows PHP Local File Inclusion. This issue affects CityGov: from n/a through 1.9.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52816 - Themehunk Zita PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-52816
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita allows PHP Local File Inclusion. This issue affects Zita: from n/a through 1.6.5.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52817 - ZealousWeb Abandoned Contact Form 7 Missing Authorization Vulnerability

CVE ID : CVE-2025-52817
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through 2.0.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52818 - Trusty Whistleblowing Missing Authorization Vulnerability

CVE ID : CVE-2025-52818
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through 1.5.2.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52824 - MDJM Mobile DJ Manager Missing Authorization Vulnerability

CVE ID : CVE-2025-52824
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52826 - UXPER Sala Object Injection Vulnerability

CVE ID : CVE-2025-52826
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52827 - UXPER Nuss Untrusted Data Deserialization Object Injection

CVE ID : CVE-2025-52827
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Deserialization of Untrusted Data vulnerability in uxper Nuss allows Object Injection. This issue affects Nuss: from n/a through 1.3.3.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52829 - DirectIQ Email Marketing SQL Injection

CVE ID : CVE-2025-52829
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing allows SQL Injection. This issue affects DirectIQ Email Marketing: from n/a through 2.0.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-52834 - Favethemes Homey SQL Injection

CVE ID : CVE-2025-52834
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-6762 - Diyhi BBS Server-Side Request Forgery (SSRF) Vulnerability

CVE ID : CVE-2025-6762
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-6763 - Comet System Web-based Management Interface Missing Authentication Vulnerability

CVE ID : CVE-2025-6763
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : A vulnerability classified as critical was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. This vulnerability affects unknown code of the file /setupA.cfg of the component Web-based Management Interface. The manipulation leads to missing authentication. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-6765 - Intelbras InControl Remote File Permission Bypass Vulnerability

CVE ID : CVE-2025-6765
Published : June 27, 2025, 12:15 p.m. | 1 hour, 35 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 12:15:00 GMT

CVE-2025-6761 - Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine Template Engine Injection Vulnerability

CVE ID : CVE-2025-6761
Published : June 27, 2025, 11:15 a.m. | 35 minutes ago
Description : A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release "Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes."
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 11:15:00 GMT

CVE-2025-5398 - Ninja Forms Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5398
Published : June 27, 2025, 10:15 a.m. | 1 hour, 35 minutes ago
Description : The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 10:15:00 GMT

CVE-2024-12827 - WordPress DWT Directory Listing Theme Privilege Escalation Vulnerability

CVE ID : CVE-2024-12827
Published : June 27, 2025, 9:15 a.m. | 2 hours, 35 minutes ago
Description : The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 09:15:00 GMT

CVE-2025-2940 - WordPress Easy Data Table Builder SSRF

CVE ID : CVE-2025-2940
Published : June 27, 2025, 9:15 a.m. | 2 hours, 35 minutes ago
Description : The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 09:15:00 GMT

CVE-2025-4587 - WordPress A/B Testing Stored Cross-Site Scripting

CVE ID : CVE-2025-4587
Published : June 27, 2025, 8:15 a.m. | 3 hours, 35 minutes ago
Description : The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 08:15:00 GMT

CVE-2025-5306 - Pandora FMS Command Injection Vulnerability

CVE ID : CVE-2025-5306
Published : June 27, 2025, 8:15 a.m. | 3 hours, 35 minutes ago
Description : Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 08:15:00 GMT

CVE-2025-5936 - WordPress VR Calendar CSRF

CVE ID : CVE-2025-5936
Published : June 27, 2025, 8:15 a.m. | 3 hours, 35 minutes ago
Description : The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 08:15:00 GMT

CVE-2025-5940 - Osom Blocks - WordPress Stored Cross-Site Scripting

CVE ID : CVE-2025-5940
Published : June 27, 2025, 8:15 a.m. | 3 hours, 35 minutes ago
Description : The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 08:15:00 GMT

CVE-2025-6550 - Elementor Pack Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6550
Published : June 27, 2025, 8:15 a.m. | 3 hours, 35 minutes ago
Description : The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_options’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 08:15:00 GMT

CVE-2025-6688 - "WordPress Simple Payment Authentication Bypass"

CVE ID : CVE-2025-6688
Published : June 27, 2025, 8:15 a.m. | 3 hours, 35 minutes ago
Description : The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 08:15:00 GMT

CVE-2025-6689 - "FL3R Accessibility Suite Plugin Stored XSS Vulnerability"

CVE ID : CVE-2025-6689
Published : June 27, 2025, 8:15 a.m. | 3 hours, 35 minutes ago
Description : The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 08:15:00 GMT

CVE-2025-36529 - TB-Eye Command Injection Vulnerability

CVE ID : CVE-2025-36529
Published : June 27, 2025, 6:15 a.m. | 5 hours, 35 minutes ago
Description : An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logging in to the device.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 06:15:00 GMT

CVE-2025-41418 - TB-eye Network Recorders/AHD Recorders Buffer Overflow Vulnerability

CVE ID : CVE-2025-41418
Published : June 27, 2025, 6:15 a.m. | 5 hours, 35 minutes ago
Description : Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 06:15:00 GMT

CVE-2025-5035 - Firelight Lightbox WordPress Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5035
Published : June 27, 2025, 6:15 a.m. | 5 hours, 35 minutes ago
Description : The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 06:15:00 GMT

CVE-2025-5093 - WordPress Responsive Lightbox Gallery Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5093
Published : June 27, 2025, 6:15 a.m. | 5 hours, 35 minutes ago
Description : The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 06:15:00 GMT

CVE-2025-5194 - WordPress Map Block Stored Cross-Site Scripting

CVE ID : CVE-2025-5194
Published : June 27, 2025, 6:15 a.m. | 5 hours, 35 minutes ago
Description : The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 06:15:00 GMT

CVE-2025-5526 - BuddyPress Docs Information Disclosure Vulnerability

CVE ID : CVE-2025-5526
Published : June 27, 2025, 6:15 a.m. | 5 hours, 35 minutes ago
Description : The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 06:15:00 GMT

CVE-2025-45737 - NetEase NeacSafe64 Elevation of Privilege

CVE ID : CVE-2025-45737
Published : June 27, 2025, 5:15 a.m. | 6 hours, 35 minutes ago
Description : An issue in NetEase (Hangzhou) Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 05:15:00 GMT

CVE-2025-6488 - WordPress isMobile Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6488
Published : June 27, 2025, 5:15 a.m. | 6 hours, 35 minutes ago
Description : The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 05:15:00 GMT

CVE-2025-6753 - Huija BicycleSharingServer SQL Injection Vulnerability

CVE ID : CVE-2025-6753
Published : June 27, 2025, 5:15 a.m. | 6 hours, 35 minutes ago
Description : A vulnerability was found in huija bicycleSharingServer 1.0 and classified as critical. This issue affects the function selectAdminByNameLike of the file AdminController.java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 05:15:00 GMT

CVE-2025-6752 - Linksys UPnP Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6752
Published : June 27, 2025, 4:16 a.m. | 7 hours, 35 minutes ago
Description : A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument NewDefaultConnectionService leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:16:00 GMT

CVE-2025-53164 - Apache HTTP Server Command Injection

CVE ID : CVE-2025-53164
Published : June 27, 2025, 4:15 a.m. | 7 hours, 35 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53165 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-53165
Published : June 27, 2025, 4:15 a.m. | 7 hours, 35 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53166 - Apache HTTP Server Cross-Site Scripting

CVE ID : CVE-2025-53166
Published : June 27, 2025, 4:15 a.m. | 7 hours, 35 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-6751 - Linksys E8450 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-6751
Published : June 27, 2025, 4:15 a.m. | 7 hours, 35 minutes ago
Description : A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53162 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-53162
Published : June 27, 2025, 4:15 a.m. | 5 hours, 34 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53163 - Apache HTTP Server Arbitrary File Download

CVE ID : CVE-2025-53163
Published : June 27, 2025, 4:15 a.m. | 5 hours, 34 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53157 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-53157
Published : June 27, 2025, 4:15 a.m. | 3 hours, 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53158 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-53158
Published : June 27, 2025, 4:15 a.m. | 3 hours, 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53159 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-53159
Published : June 27, 2025, 4:15 a.m. | 3 hours, 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53160 - Apache Apache HTTP Server SQL Injection

CVE ID : CVE-2025-53160
Published : June 27, 2025, 4:15 a.m. | 3 hours, 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-53161 - VMware Network PolicyVulnerability: Denial of Service

CVE ID : CVE-2025-53161
Published : June 27, 2025, 4:15 a.m. | 3 hours, 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 04:15:00 GMT

CVE-2025-47822 - Flock Safety LPR Impropoer Access Control Vulnerability

CVE ID : CVE-2025-47822
Published : June 27, 2025, 3:15 a.m. | 4 hours, 39 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 03:15:00 GMT

CVE-2025-47823 - Flock Safety LPR Hardcoded Password Vulnerability

CVE ID : CVE-2025-47823
Published : June 27, 2025, 3:15 a.m. | 4 hours, 39 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 03:15:00 GMT

CVE-2025-47824 - Flock Safety LPR Cleartext Code Storage Vulnerability

CVE ID : CVE-2025-47824
Published : June 27, 2025, 3:15 a.m. | 4 hours, 39 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 03:15:00 GMT

CVE-2025-6750 - HDF5 Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6750
Published : June 27, 2025, 3:15 a.m. | 4 hours, 39 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 03:15:00 GMT

CVE-2025-47821 - Flock Safety Gunshot Detection Device Hardcoded Password Vulnerability

CVE ID : CVE-2025-47821
Published : June 27, 2025, 3:15 a.m. | 2 hours, 39 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 03:15:00 GMT

CVE-2025-47818 - Flock Safety Gunshot Detection HTTP Server Unauthenticated Access

CVE ID : CVE-2025-47818
Published : June 27, 2025, 2:15 a.m. | 3 hours, 39 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 02:15:00 GMT

CVE-2025-47819 - Flock Safety Gunshot Detection Debug Interface Unauthorized Access Vulnerability

CVE ID : CVE-2025-47819
Published : June 27, 2025, 2:15 a.m. | 3 hours, 39 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 02:15:00 GMT

CVE-2025-47820 - Flock Safety Gunshot Detection Devices Cleartext Code Storage Vulnerability

CVE ID : CVE-2025-47820
Published : June 27, 2025, 2:15 a.m. | 3 hours, 39 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 02:15:00 GMT

CVE-2025-6748 - Airtel Thanks App Cleartext Storage Vulnerability

CVE ID : CVE-2025-6748
Published : June 27, 2025, 2:15 a.m. | 3 hours, 39 minutes ago
Description : A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 02:15:00 GMT

CVE-2025-6749 - Huija bicycleSharingServer SQL Injection Vulnerability

CVE ID : CVE-2025-6749
Published : June 27, 2025, 2:15 a.m. | 3 hours, 39 minutes ago
Description : A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of the file AdminController.java. The manipulation of the argument Title leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 27 Jun 2025 02:15:00 GMT

CVE-2024-3511 - WSO2 Registry Unauthorized File Access Vulnerability

CVE ID : CVE-2024-3511
Published : June 23, 2025, 9:15 a.m. | 21 minutes ago
Description : An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 09:15:00 GMT

CVE-2025-6502 - Code-projects Inventory Management System SQL Injection Critical Vulnerability

CVE ID : CVE-2025-6502
Published : June 23, 2025, 4:15 a.m. | 5 hours, 21 minutes ago
Description : A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 04:15:00 GMT

CVE-2025-6503 - Code-projects Inventory Management System SQL Injection

CVE ID : CVE-2025-6503
Published : June 23, 2025, 4:15 a.m. | 5 hours, 21 minutes ago
Description : A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/fetchSelectedCategories.php. The manipulation of the argument categoriesId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 04:15:00 GMT

CVE-2025-6499 - Apache vstakhov libucl Heap-Based Buffer Overflow

CVE ID : CVE-2025-6499
Published : June 23, 2025, 3:15 a.m. | 6 hours, 21 minutes ago
Description : A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 03:15:00 GMT

CVE-2025-6500 - Code-projects Inventory Management System SQL Injection

CVE ID : CVE-2025-6500
Published : June 23, 2025, 3:15 a.m. | 6 hours, 21 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Inventory Management System 1.0. Affected by this issue is some unknown functionality of the file /php_action/editCategories.php. The manipulation of the argument editCategoriesName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 03:15:00 GMT

CVE-2025-6501 - Apache Code-projects Inventory Management System SQL Injection

CVE ID : CVE-2025-6501
Published : June 23, 2025, 3:15 a.m. | 6 hours, 21 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part of the file /php_action/createCategories.php. The manipulation of the argument categoriesStatus leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 03:15:00 GMT

CVE-2025-6498 - HTACG Tidy-HTML5 Memory Leak Vulnerability

CVE ID : CVE-2025-6498
Published : June 23, 2025, 2:15 a.m. | 7 hours, 21 minutes ago
Description : A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 02:15:00 GMT

CVE-2025-52926 - Spytrap-ADB Stalkerware Detection UI Vulnerability

CVE ID : CVE-2025-52926
Published : June 23, 2025, 1:15 a.m. | 8 hours, 21 minutes ago
Description : In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 01:15:00 GMT

CVE-2025-6497 - "HTACG Tidy-html5 Assertion Vulnerability"

CVE ID : CVE-2025-6497
Published : June 23, 2025, 1:15 a.m. | 8 hours, 21 minutes ago
Description : A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 01:15:00 GMT

CVE-2025-6496 - Apache Tidy Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-6496
Published : June 23, 2025, 12:15 a.m. | 9 hours, 21 minutes ago
Description : A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 23 Jun 2025 00:15:00 GMT

CVE-2025-6494 - Nokogiri Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6494
Published : June 22, 2025, 11:15 p.m. | 10 hours, 21 minutes ago
Description : A vulnerability was found in sparklemotion nokogiri up to 1.18.7. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 23:15:00 GMT

CVE-2025-6493 - CodeMirror Markdown Mode Regular Expression Complexity Remote Vulnerability

CVE ID : CVE-2025-6493
Published : June 22, 2025, 10:15 p.m. | 11 hours, 21 minutes ago
Description : A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 22:15:00 GMT

CVE-2025-6492 - MarkText Regular Expression Complexity Remote Vulnerability

CVE ID : CVE-2025-6492
Published : June 22, 2025, 8:15 p.m. | 13 hours, 21 minutes ago
Description : A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 20:15:00 GMT

CVE-2025-6489 - iSourcecode Agri-Trading Online Shopping System SQL Injection Vulnerability

CVE ID : CVE-2025-6489
Published : June 22, 2025, 7:15 p.m. | 14 hours, 21 minutes ago
Description : A vulnerability has been found in itsourcecode Agri-Trading Online Shopping System 1.0 and classified as critical. This vulnerability affects unknown code of the file /transactionsave.php. The manipulation of the argument del leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 19:15:00 GMT

CVE-2025-6490 - Nokogiri Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6490
Published : June 22, 2025, 7:15 p.m. | 14 hours, 21 minutes ago
Description : A vulnerability was found in sparklemotion nokogiri up to 1.18.7 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 19:15:00 GMT

CVE-2025-6486 - TOTOLINK A3002R Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6486
Published : June 22, 2025, 6:15 p.m. | 15 hours, 21 minutes ago
Description : A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 18:15:00 GMT

CVE-2025-6487 - TOTOLINK A3002R Stack-Based Buffer Overflow

CVE ID : CVE-2025-6487
Published : June 22, 2025, 6:15 p.m. | 15 hours, 21 minutes ago
Description : A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 18:15:00 GMT

CVE-2025-6484 - Code-projects Online Shopping Store SQL Injection

CVE ID : CVE-2025-6484
Published : June 22, 2025, 5:15 p.m. | 16 hours, 21 minutes ago
Description : A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument cat_id/brand_id/keyword/proId/pid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 17:15:00 GMT

CVE-2025-6485 - TOTOLINK A3002R OS Command Injection Vulnerability

CVE ID : CVE-2025-6485
Published : June 22, 2025, 5:15 p.m. | 16 hours, 21 minutes ago
Description : A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 17:15:00 GMT

CVE-2025-6482 - "Simple Pizza Ordering System SQL Injection Vulnerability"

CVE ID : CVE-2025-6482
Published : June 22, 2025, 4:15 p.m. | 17 hours, 21 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /edituser-exec.php. The manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 16:15:00 GMT

CVE-2025-6483 - "Simple Pizza Ordering System SQL Injection Vulnerability"

CVE ID : CVE-2025-6483
Published : June 22, 2025, 4:15 p.m. | 17 hours, 21 minutes ago
Description : A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edituser.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 16:15:00 GMT

CVE-2025-6480 - Apache Code-Projects Simple Pizza Ordering System SQL Injection Vulnerability

CVE ID : CVE-2025-6480
Published : June 22, 2025, 3:15 p.m. | 18 hours, 21 minutes ago
Description : A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /addcatexec.php. The manipulation of the argument textfield leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 15:15:00 GMT

CVE-2025-6481 - "Simple Pizza Ordering System SQL Injection Vulnerability"

CVE ID : CVE-2025-6481
Published : June 22, 2025, 3:15 p.m. | 18 hours, 21 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 15:15:00 GMT

CVE-2025-6478 - CodeAstro Expense Management System CSRF

CVE ID : CVE-2025-6478
Published : June 22, 2025, 2:15 p.m. | 19 hours, 21 minutes ago
Description : A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 14:15:00 GMT

CVE-2025-6479 - Simple Pizza Ordering System SQL Injection

CVE ID : CVE-2025-6479
Published : June 22, 2025, 2:15 p.m. | 19 hours, 21 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /salesreport.php. The manipulation of the argument dayfrom leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 22 Jun 2025 14:15:00 GMT

Retrospective for `thomas-iniguez-visioli` from 2025-06-15 to 2025-06-16

Reporting on 0 Issues from 0 authors, 10 Pull Requests from 3 authors, and 0 Discussions from 0 authors.

portfolio

Open Pull Requests

build(deps-dev): bump eslint from 9.27.0 to 9.29.0 (#295)
build(deps): bump pinia from 3.0.2 to 3.0.3 (#292)
build(deps): bump puppeteer from 24.8.2 to 24.10.1 (#290)
build(deps): bump simple-git from 3.27.0 to 3.28.0 (#289)
Changes by create-pull-request action (#288)

Merged Pull Requests

[Snyk] Upgrade puppeteer from 24.8.2 to 24.9.0 (#294)
[Snyk] Upgrade eslint from 9.26.0 to 9.27.0 (#293)

Closed Pull Requests

build(deps-dev): bump eslint from 9.26.0 to 9.28.0 (#281)

retro-weekly

Merged Pull Requests

doc: generate weekly retro (#128)

vbcq

Merged Pull Requests

update (#31)

Tue, 17 Jun 2025 00:00:00 GMT

Publication de la 4e édition de l’Observatoire des métiers 2025

anssiadm lun 09/06/2025 - 19:56

À l’occasion de la publication de la quatrième édition de l’Observatoire des métiers, le Centre de Formation à la Sécurité des Systèmes d’Information (CFSSI) de l’ANSSI, en partenariat avec l’AFPA et la DGEFP, fait le point sur les évolutions du marché de l’emploi dans le domaine de la cybersécurité, au cours des cinq dernières années.

Face à une menace cyber toujours plus présente, les différents acteurs du secteur public et privé se doivent de mettre en place des stratégies efficaces pour se protéger. À l’heure où le recrutement de spécialistes en matière de sécurité des systèmes d’information apparaît, de fait, essentiel, l’analyse du marché du travail réalisée dans cette 4^e édition de l’Observatoire des métiers démontre que le nombre d’offres d’emploi disponibles a considérablement augmenté dans ce secteur.

Seulement, les employeurs continuent à rencontrer de grandes difficultés pour trouver des candidats, et ce, malgré le développement de nombreuses offres de formations pour répondre aux besoins du marché.

Le rôle de l’Observatoire des métiers

Afin de comprendre les raisons réelles de cette pénurie et d’identifier les leviers les plus pertinents qui pourraient permettre aux politiques publiques de lancer des initiatives capables de résoudre la situation, l’ANSSI, la Délégation générale à l’Emploi et à la Formation professionnelle (DGEFP) et l’Agence nationale pour la formation professionnelle des adultes (Afpa), recensent et collectent des indicateurs concernant les formations en cybersécurité ainsi que les offres d’emploi dans ce domaine, depuis 2021, via l’Observatoire des métiers.

Les résultats de l’enquête 2025 réalisée auprès des professionnels de la cybersécurité

En 2025, l’Observatoire des métiers a reconduit l’enquête menée en 2021 auprès des professionnels de la cybersécurité afin de réaliser une photographie générale de la population composant l’écosystème cyber français. L’objectif étant de mieux connaître certaines de leurs caractéristiques : parcours, profils, cadres d’exercices des missions et perspectives d’évolutions.

Quelques chiffres clés

1 répondant sur 2 travaille dans une structure de 1 000 salariés ou plus et 66 % des répondants travaillent dans le secteur privé.
Une large majorité d’hommes, soit 85 % des répondants, composent l’écosystème cyber français.
Pour la moitié des répondants, la cybersécurité ne constitue pas leur domaine d’expertise d’origine. En effet, 40 % des répondants ont principalement exercé dans le domaine de l’informatique/ numérique et 12 % ont principalement exercé dans un autre domaine.

Les résultats de l’étude 2025 menée sur le marché du travail des professionnels de la cybersécurité

Cette seconde enquête, réalisée à partir d’un un outil d’agrégation, a permis de quantifier et d’analyser plus de 23 000 offres d’emploi publiées entre juin 2023 et juin 2024, dans le domaine de la cybersécurité, en France. L’objectif ? Identifier les grandes tendances du marché, notamment les types d’offres, le niveau de qualifications attendu ou encore la localisation des offres.

Quelques chiffres clés

Une augmentation de 49 % du nombres d’offres d’emploi s’est opérée entre 2019 et 2024.
Une large majorité des offres concernent des contrats à durée indéterminée.
Le niveau de qualification reste élevé avec 40 % des offres qui requièrent un niveau Bac+5.

Consultez L'Observatoire des métiers 2025

Retrouvez toutes les éditions de l’Observatoire des Métiers

Mon, 09 Jun 2025 19:56:00 GMT

Retrouvez l’ANSSI lors de VivaTechnology 2025 !

anssiadm ven 06/06/2025 - 07:25

Du 11 au 14 juin retrouvez l’ANSSI sur le pavillon numérique de l’État, lors de l’édition 2025 de VivaTechnology, le salon annuel des acteurs de l’innovation technologique.

Rendez-vous sur le pavillon numérique de l’État

Présents pour la première fois à VivaTechnology, les agents de l’ANSSI seront disponibles au sein du pavillon numérique de l’État, pour répondre à toutes vos questions.

Situé en n°H58, ce stand sera l’occasion pour l’Agence, aux côtés de la Direction interministérielle du numérique, la direction de la Transformation numérique du ministère de l’Intérieur, les directions du numérique du ministère de l’Économie, des Finances et de la Souveraineté industrielle et numérique, la direction numérique des ministères de l’Aménagement du territoire et de la Transition écologique, la direction numérique du ministère de l’Agriculture et de la souveraineté alimentaire, l’Institut national de l’information géographique et forestière, de mettre en avant six grandes thématiques pour cette édition 2025 :

Identité numérique
IA : Stratégie IA de l'Etat et initiatives produits IA de l'Etat
Des outils numériques souverains
Startups d'Etat concevoir des services numériques agiles et à impact
Transformation numérique des territoires
Stratégie Cloud de l'Etat
Cybersécurité

Découvrez la programmation détaillée

Pendant les 4 jours du salon, nos experts animeront différentes sessions sur des thématiques essentiels pour l’Agence, qui ont un impact significatif sur l’écosystème cyber français.

État des lieux de l’identité numérique en Europe

Jeudi 12 juin 2025 - 10h00
Samedi 14 juin 2025 – 14h00

Cybersécurité de l’IA

Mercredi 11 juin 2025 - 10h30
Jeudi 12 juin 2025 - 10h30
Vendredi 13 juin 2025 - 10h30 et 16h00
Samedi 14 juin - 10h30

La suite Cyber : l’offre de service numérique cyber souverain

Jeudi 12 juin 2025 - 14h00

SecNumCloud, un référentiel d’exigences pour des offres de services cloud

Mercredi 11 juin 2025 - 15h30
Jeudi 12 juin 2025 - 15h30
Vendredi 13 juin 2025 - 15h30

Directives NIS 2 – Focus sur les acteurs du numérique

Mercredi 11 juin - 16h00

Retrouvez la programmation complète

Fri, 06 Jun 2025 07:25:00 GMT

Retour sur le webinaire « Comment se faire labelliser ExpertCyber ? »

Organisé le 3 juin 2025, le webinaire « Comment se faire labelliser ExpertCyber ? » avait pour objectif de présenter les enjeux et modalités de la labellisation ExpertCyber, destinée aux prestataires de services informatique justifiant d’une expertise en cybersécurité.

Thu, 05 Jun 2025 12:02:00 GMT

Soldes drsquo;été : 7 conseils pour éviter les cyber-arnaques

Durant les périodes promotionnelles, Cybermalveillance.gouv.fr appelle à la plus grande vigilance et délivre 7 conseils pour éviter de se faire escroquer.

Thu, 05 Jun 2025 09:00:00 GMT

Lettres drsquo;information

Actualités, contenus et ressources thématiques pour vous sensibiliser aux risques numériques et aux bonnes pratiques associées, informations sur les cybermenaces… Retrouvez dans cette section les lettres d’informations de Cybermalveillance.gouv.fr.

Thu, 05 Jun 2025 09:00:00 GMT

Cybermois 2025

Le Mois européen de la cybersécurité est une initiative européenne (ENISA)
qui vise à sensibiliser aux cybermenaces et aux bons réflexes pour s’en protéger.
En France, il est piloté par Cybermalveillance.gouv.fr

Thu, 05 Jun 2025 01:11:00 GMT

« Histoire de Cyber » : engagez-vous pour le Cybermois 2025

Et si vous deveniez acteur du Cybermois 2025 ? Nous vous invitons à vous engager et à prendre part à une action citoyenne en relayant la campagne de sensibilisation « Histoire de Cyber » tout au long du mois d’octobre. Rejoignez la mobilisation nationale : inscrivez-vous dès maintenant…

Thu, 05 Jun 2025 01:09:00 GMT

Cybermois 2025 : kit de communication

Vous souhaitez communiquer sur le Cybermois 2025 auprès de vos publics, éditer les supports du Cybermois à vos couleurs ou réutiliser des contenus de sensibilisation ? Nous vous mettons à disposition différents outils incluant.

Thu, 05 Jun 2025 01:05:00 GMT

Rançongiciel ou ransomware, que faire ? (particuliers)

Un rançongiciel ou ransomware est un logiciel malveillant ou virus qui bloque l’accès à l’ordinateur ou à ses fichiers et qui réclame à la victime le paiement d’une rançon pour en obtenir de nouveau l’accès. Que faire en cas de ransomware ? Isoler les équipements touchés, ne pas…

Tue, 03 Jun 2025 11:38:00 GMT

Rançongiciel ou ransomware : que faire si votre organisation est victime d’une attaque ?

Une attaque par rançongiciel vise à bloquer l’accès à un équipement ou un système, ou à en chiffrer et/ou copier les données, en échange d’une rançon. Que faire en cas de ransomware ? Couper les connexions à Internet du réseau attaqué, identifier et déconnecter les machines…

Tue, 03 Jun 2025 09:00:00 GMT

Fuite de données chez Kaviari

nom, prénom, genre, date de naissance, adresse mail, adresse postale, numéro de téléphone, identifiant, mot de passe, numéro client, historique des commandes

Tue Jun 03 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Cartier

nom, adresse courriel, pays

Tue Jun 03 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Professionnels : quelles sont les cybermenaces les plus fréquentes en 2024 ?

Hameçonnage, piratage de compte, rançongiciel, faux ordre de virement… Découvrez les principales tendances et évolutions des menaces qui ciblent les entreprises, associations, collectivités et administrations en 2024, selon notre dernier rapport d’activité.

Mon, 02 Jun 2025 16:42:00 GMT

Fuite de données chez Autosur

nom, prénom, adresse email et postale, numéro de téléphone, numéro de plaque d’immatriculation

Mon May 26 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Retour sur la participation de l’ANSSI à l’édition 2025 de Locked Shields

anssiadm mer 14/05/2025 - 08:02

Après deux semaines d’exercice, la France et la Pologne terminent à la seconde place de Locked Shield 2025 organisé par le CCDCOE entre le 28 avril et le 9 mai.

Mettre à l’épreuve les compétences des cybercombattants français

Le Centre d’excellence de cyberdéfense coopérative de l’OTAN (CCDCOE) a organisé la nouvelle édition de Locked Shields. Plus grand exercice de cyberdéfense international, il s’est déroulé en Estonie, 28 avril au 9 mai 2025. Cet événement a rassemblé 4 000 spécialistes en lutte offensive et cyberdéfense provenant de diverses organisations issues de 41 nations. La France s’est investie pleinement dans cet exercice avec la participation cette année encore des experts de l’ANSSI.

Locked Shields a mis à l’épreuve les compétences des participants et testé leurs capacités à répondre à un incident cyber de grande ampleur dans un environnement contrôlé et réaliste. Cet évènement est également une compétition entre les pays engagés qui permet aux experts en cybersécurité de se perfectionner dans la défense des systèmes d’information nationaux et des infrastructures critiques.

L’équipe franco-polonaise, une collaboration concluante pour renforcer les compétences et la coopération

Après deux semaines d’exercice, l’équipe franco-polonaise, composée notamment des cybercombattants français du COMCYBER (ministère des Armées) et des personnels de l’ANSSI, s’est hissée à la deuxième place du podium. Des étudiants de quatre écoles partenaires (à savoir l'EPITA, l'ENSIBS, l'École 2600 et l'ESGI) ont également joint leur force.

Déjà partenaire en 2022 à Paris les équipes de l’ANSSI, du COMCYBER ainsi que du Commandement Cyber polonais ont continué de tisser des liens étroits et de renforcer la coopération sur les volets stratégiques, tactiques et technico-opératifs, communicationnels et juridiques. Tant au niveau européen qu’international, Locked Shields 2025 a permis de renforcer la capacité de la France à travailler avec ses alliés.

L'équipe française pendant Locked Shields au Kremlin Bicêtre (Paris) © COMCYBER

Wed, 14 May 2025 08:02:00 GMT

Fuite de données chez Pulsy

nom, prénom, genre, date de naissance, commune de naissance, adresse postale, téléphone, email, données médicales, parcours de soin, date et lieux des hospitalisations

Tue May 13 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Dior

Tue May 13 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

2024, une année marquée par un nombre record de violations de données personnelles

Free, France Travail, Viamedis et Almerys, Boulanger, Cultura… L’année 2024 aura été incontestablement marquée par un nombre record de violations de données personnelles, dont certaines très massives, concernant des dizaines de millions de Français.

Tue, 06 May 2025 16:53:00 GMT

The syzygy distinguisher élu best paper award

anssiadm lun 05/05/2025 - 11:43

À l’occasion de la conférence Eurocrypt qui se tient à Madrid du 4 au 8 mai, l’International Association for Cryptologic Research (IACR) a remis le Best Paper Award à Hugues Randriam pour ses travaux menés au sein du laboratoire de cryptologie de l’ANSSI.

Cette récompense vient saluer l’article de Hugues Randriam intitulé « The syzygy distinguisher », dont les conclusions représentent une avancée significative dans le domaine du chiffrement asymétrique.

L’étude propose en effet un nouvel outil mathématique appelé « syzygy distinguisher ». Déjà utilisé en cryptographie, les distinguisher ont toutefois montré des limites face à certains problèmes complexes de cryptographie. Celui proposé par Hugues dans son papier offre des résultats considérablement supérieurs lorsqu’il s’agit de reconnaître des codes cryptographiques utilisés pour sécuriser les communications, notamment dans le cadre de la cryptographie post-quantique.

L’attribution de ce prix constitue une reconnaissance forte des travaux menés par Hugues Randriam et par l’ensemble du laboratoire de cryptographie de l’ANSSI. Elle souligne également l’engagement constant des équipes de l’Agence dans la recherche scientifique.

C’est une grande fierté pour l’ANSSI, non seulement pour le rayonnement de ses laboratoires, mais aussi pour le travail mené au quotidien par l’ensemble de ses agents.

Version préliminaire du papier

Programme de la conférence

Consultez la synthèse de l'article

Mon, 05 May 2025 11:43:00 GMT

Le France Cybersecurity challenge s'achève

anssiadm lun 28/04/2025 - 13:43

L’édition 2025 du France Cybersecurity challenge (FCSC) qui a débuté le 18 avril s’est achevée ce dimanche 27 avril, après 10 jours de compétition et une participation record.

Plus de 2000 hackers réunis pour relever le défi

Le FCSC 2025 a réuni plus de 2000 hackers éthiques qui se sont affrontés à travers une centaine d'épreuves spécialement élaborées par les experts de l'ANSSI.

Grande nouveauté cette année avec l’introduction pour la première fois d’épreuves de rapidité (« speedrun »), une journée entière pour tester la créativité et l'expertise des participants sur de tout nouveaux challenges.

Retrouvez le classement complet de cette édition 2025 sur FCSC 2025.

En route vers l’European Cybersecurity challenge (ECSC)

Pour rappel, la compétition fait également office de point de départ pour les 14 joueurs de 14 à 25 ans (10 titulaires et 4 remplaçants) qui seront prochainement sélectionnés pour représenter la France lors de l’European Cybersecurity Challenge (ECSC).

En plus de leurs résultats respectifs lors du FCSC, ces joueurs seront recrutés via un système d’entretiens par les coachs de l’ANSSI pour leurs expertises, leur talent, leurs qualités humaines et leur sens du collectif. Cette année, la Team France se rendra à Varsovie, du 6 au 10 octobre 2025.

Mon, 28 Apr 2025 13:43:00 GMT

Bilan du volet cybersécurité de France Relance : un défi réussi

anssiadm lun 28/04/2025 - 10:10

Le dernier rapport d’activité du volet cybersécurité de France Relance présente les travaux entrepris par l’ANSSI sur 2024, année de clôture du programme sur le plan financier. Ce dernier volet illustre les actions menées par l’Agence durant 4 ans qui ont permis d’améliorer significativement l’accompagnement des entités vers une meilleure cybersécurité.

Avec 100 millions d’euros, le programme des parcours de cybersécurité a constitué un investissement sans précédent pour répondre à une menace devenue systémique, touchant des entités critiques au cœur des territoires.

Les « parcours de cybersécurité » avaient pour objectif d’élever la sécurité numérique des services publics, de dynamiser l’industrie de cybersécurité française et européenne et de favoriser des investissements durables au service de la cybersécurité des organisations.

Pendant 4 ans, l’ANSSI a conçu, déployé et piloté un dispositif d’accompagnement au profit des collectivités, des établissements de santé et des entités publiques. Ainsi, 945 entités parmi les plus vulnérables à la menace cyber ont pu bénéficier de cet accompagnement, dont :

707 collectivités territoriales,
134 établissements de santé,
87 autres établissements publics,
17 centres de recherche et d’enseignement supérieur,

Parmi celles-ci, 62 entités ont été accompagnées dans les territoires d’Outre-mer.

Les parcours ont permis d’élever le niveau de cyberdéfense des bénéficiaires de manière significative : en moyenne, les bénéficiaires sont passés d’un score de maturité cyber de D+ à B, soulignant un progrès conséquent. Grâce aux parcours, les entités ont réussi à s’intégrer dans l’écosystème cyber de leur territoire et de leur secteur, en lien avec l’ANSSI, et sont ainsi solidement ancrées dans une démarche de sécurisation à long terme.

Au-delà des bénéfices pour les entités accompagnées, les parcours de cybersécurité laissent un héritage exploitable dans la durée, notamment dans la perspective de la mise en œuvre de la directive NIS 2 avec la mise à disposition d’outils et de méthodes adaptés aux besoins de chaque bénéficiaire.

Le programme a permis de dynamiser l’offre industrielle de cybersécurité dans les territoires et de renforcer l’offre française et européenne de cybersécurité :

197 prestataires présents sur l’ensemble du territoire national ont été impliqués.
40 millions d’euros ont été dédiés à l’acquisition de produits de cybersécurité français et européens (dont 33 millions d’euros pour des produits français).

Les parcours de cybersécurité sont un succès, avec des effets tangibles et durables pour les bénéficiaires. Ils font partie d'un programme plus large de soutien à la transformation numérique et à la résilience des systèmes d'information, dans un contexte où les cybermenaces se multiplient.

Rapport d'activité France Relance 2024

Mon, 28 Apr 2025 10:10:00 GMT

Fuite de données chez Carrefour Mobile

numéro de téléphone, adresse email, mot de passe, adresse, numéro de passeport

Thu Apr 24 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Easy Cash

nom, prénom, date de naissance

Tue Apr 22 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Le France Cybersecurity Challenge (FCSC) démarre aujourd’hui !

anssiadm lun 21/04/2025 - 07:04

Jusqu’au 27 avril 2025, venez vous mesurer aux épreuves du CTF de l’ANSSI et tentez de gagner votre place au sein de la Team France qui défendra nos couleurs lors de l’European Cybersecurity Challenge.

Le France Cybersecurity Challenge (FCSC) est un Capture The Flag (CTF) de type jeopardy créé par les équipes de l’ANSSI et lancé en 2019.

Plus de 100 épreuves vous attendent : crypto, pwn, hardware, web, forensics… Avec une grande nouveauté : une journée de « speedrun » qui se déroulera le samedi 26 avril.

Rendez-vous sur FCSC 2025 !

Trois catégories d'âge à l'inscription

Catégorie junior :

Être né(e)s en 2005, 2006, 2007, 2008, 2009, 2010 ou 2011 ;
Être de nationalité française ;
Candidater pour intégrer la Team France et participer à l'European Cybersecurity Challenge (ECSC).

Catégorie senior :

Être né(e)s en 2000, 2001, 2002, 2003 ou 2004 ;
Être de nationalité française ;
Candidater pour intégrer la Team France et participer à l'European Cybersecurity Challenge (ECSC).

Hors catégorie :

Si vous n'êtes pas éligible pour une question d'âge ;
Si vous n'êtes pas de nationalité française ;
Si vous ne souhaitez pas candidater pour intégrer la Team France et participer à l'European Cybersecurity Challenge (ECSC).

Sélection pour l’European Cybersecurity Challenge

Vous avez moins de 25 ans ? Le FCSC est l’opportunité pour vous d’être sélectionné pour intégrer la Team France qui représentera le drapeau tricolore lors de l’European Cybersecurity Challenge (ECSC) 2025. La prochaine édition aura lieu à Varsovie en Pologne, du 6 au 10 octobre 2025.

Mon, 21 Apr 2025 07:04:00 GMT

Fuite de données chez Indigo

adresse email, plaque d’immatriculation, nom, prénom, numéro de téléphone, adresse postale

Fri Apr 18 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Etat de la menace informatique sur le secteur des transports urbains

anssiadm jeu 17/04/2025 - 07:37

Les transports urbains constituent un secteur critique et les attaques informatiques qui le visent peuvent avoir des conséquences significatives qui génèrent parfois des difficultés dans la continuité des services ou encore dans la sécurisation des données. La menace à l’encontre des entités du secteur cible des entreprises de toute taille, dans le monde entier, et qui ont la gestion d’une large variété de moyen de transports. Répondant à ses missions de connaissance de la menace informatique, l’ANSSI partage un état de la menace sur le secteur du transport urbain.

Un secteur fortement exposé en 2024

Tout au long de l’année, le contexte des Jeux Olympiques et Paralympiques de Paris 2024 a mis en lumière l’exposition de ce secteur aux cyberattaques, les tensions géopolitiques ayant été un catalyseur fort de cette menace avec de nombreuses attaques par déni de services.

L’imbrication de plusieurs réseaux informatiques de grande taille ainsi que la diversité des équipements qui les composent met en exergue des niveaux de sécurisation hétérogène complexifiant d’autant plus les questions de sécurité des systèmes d’information et augmentant significativement la surface d’attaque.

Les entités du secteur sont également fortement ciblées en raison du grand nombre de données personnelles des usagers, ainsi une attention toute particulière doit être portée à la protection de ces bases de données qui font régulièrement l’objet d’attaques à des fins d’exfiltration.

Prévenir et se protéger contre ces menaces

Dans son état de la menace, l’ANSSI rappelle l’importance d’avoir une approche globale de la sécurité et recommande aux entités de réaliser une cartographie globale des systèmes d’information afin d’identifier les risques affectant l’entité ou encore mesurer la maturité des systèmes d’informations concernés.

Il est essentiel de travailler sur des modes de fonctionnement dégradé notamment pour assurer et préparer en parallèle un plan de continuité d’activité (PCA) et un plan de reprise d’activité (PRA). La mise en pratique ces recommandations permettra au secteur des transports urbains d’anticiper ces menaces.

Transports urbains - Etat de la menace informatique

Thu, 17 Apr 2025 07:37:00 GMT

L’ANSSI publie ses guides sur la remédiation d’incidents en anglais

anssiadm mer 16/04/2025 - 12:39

Suite au lancement, en janvier 2024, d’un corpus sur la remédiation post-incident et l’intégration de trois guides (stratégique, opérationnel, technique) à cette collection, l’ANSSI publie les traductions de ces trois guides en anglais.

L’objectif de ces traductions est de poursuivre la diffusion des piliers doctrinaux élaborés par l’ANSSI, à l’échelle européenne et internationale.

En parallèle, le chantier de l’ANSSI sur la remédiation se poursuit. Le corpus (Piloter la remédiation d’un incident cyber | ANSSI) a vocation à être progressivement enrichi de nouveaux documents, sur la base des échanges menés activement par l’agence avec l’écosystème.

Les traductions peuvent être retrouvées sur la page suivante du site de l’ANSSI en anglais :

Voir les guides sur la remédiation en anglais

Wed, 16 Apr 2025 12:39:00 GMT

L'ANSSI publie son rapport d'activité 2024

anssiadm mar 15/04/2025 - 07:43

À l’occasion de la publication de son rapport d’activité 2024, l’ANSSI revient sur une année de mobilisation exceptionnelle tant de ses agents que de « l’équipe de France » de la cybersécurité dans son ensemble.

Face à une menace cyber toujours plus forte, l’année écoulée a de nouveau démontré que la cybersécurité de la Nation est un sport collectif.

Les Jeux olympiques et paralympiques de Paris 2024 comme consécration du modèle français de cyberdéfense

En tant que cheffe de file du volet cyber, l’ANSSI a été au cœur de la préparation des Jeux olympiques et paralympiques de Paris 2024. Le succès de cet événement international majeur est un accomplissement pour l’Agence, qui témoigne également de la pertinence du modèle de cyberdéfense français bâti autour d’une autorité nationale et ancré dans un écosystème élargi et déployé dans les territoires. Les Jeux sont le résultat d’une méthode – anticipation, préparation, entraînement – et d’une équipe – l’écosystème cyber public et privé – qui doivent perdurer pour permettre à la France de rester parmi les grandes nations de la cybersécurité.

La directive NIS 2, vecteur d’une transformation profonde pour l’ANSSI

En 2024, l’ANSSI a poursuivi ses travaux de transposition de la directive NIS 2 qui sont le moteur d’un changement majeur de son organisation, de ses méthodes et de sa manière d’interagir avec ses bénéficiaires et ses partenaires. Déjà fortement mobilisées sur le sujet au cours des dernières années, les équipes de l’Agence continueront de l’être au quotidien, en coordination avec l’écosystème cyber, pour accompagner des milliers d’entités dans leur cybersécurité.

Des progrès précieux pour l’élévation générale de la cybersécurité de l’Union européenne

À l’image du cadre réglementaire défini par NIS 2, ou encore du vote du règlement sur la résilience cyber, pour lesquels l’ANSSI s’est pleinement engagée, la cybersécurité en Europe a connu de belles avancées en 2024. Par ailleurs, face aux évolutions technologiques, et notamment aux technologies de rupture, la conservation d’une maîtrise souveraine des expertises techniques s’impose comme une mission essentielle de l’ANSSI.

L’année 2024 en quelques chiffres :

656 agents âgés en moyenne de 36 ans, œuvrent au quotidien pour la cybersécurité de la Nation, au sein de l’ANSSI.
4 386 (+15%) événements de sécurité traités par l’ANSSI, et 1 361 (+18%) incidents ayant impliqué un acteur malveillant.
68 formations labellisées SecNumedu, 1 696 personnes formées au Centre de formation à la sécurité des systèmes d’information (CFSSI) et 117 856 attestations SecNumacadémie décernées.

L’année 2024 en quelques dates clés :

Au-delà des JOP24 d’autres d’événements ont marqué l’année 2024 :

31 janvier : Adoption du schéma européen de certification de cybersécurité fondé sur des critères commun.
10 mai : Entrée en vigueur du décret d’application de la loi de programmation militaire 2024-2030, permettant à l’ANSSI de mettre en œuvre l’ensemble des nouvelles capacités dont elle l’a dotée.
9 juillet : Publications des recommandations de l’ANSSI pour l’hébergement des systèmes d’information sensible dans le cloud.
15 octobre : Présentation en conseil des ministres du projet de loi relatif à la résilience des activités d’importance vitale, à la protection des infrastructures critiques à la cybersécurité et à la résilience opérationnelle du secteur financier dont le titre II, Cybersécurité, vise à transposer la directive NIS 2.

Cette année exceptionnelle ouvre désormais la voie à une nouvelle étape pour l’ANSSI, qui a été partagée dans notre stratégie pour 2025-2027 . Il s’agit de prendre acte des évolutions non seulement du paysage cyber, mais également de notre environnement plus global. Pour ce faire, nous aurons besoin de « l’équipe de France » de cybersécurité à nos côtes.

Vincent Strubel

Directeur général

PDF

Rapport d'activité ANSSI 2024

Tue, 15 Apr 2025 07:43:00 GMT

Fuite de données chez Hertz

nom, coordonnées, date de naissance, permis de conduire, carte de crédit, passeport

Tue Apr 15 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Afflelou

nom, prénom, date de naissance, adresse postale, adresse email, numéro de téléphone, informations commerciales

Tue Apr 15 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Harvest

gestion de patrimoine

Fri Apr 11 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Cybermalveillance.gouv.fr dévoile sa stratégie 2025-2030

À l’occasion de la conférence de presse durant laquelle Cybermalveillance.gouv.fr a dévoilé son rapport d’activité et les tendances de la menace cyber en France, le dispositif national d’assistance a également présenté sa stratégie 2025-2030.

Mon, 07 Apr 2025 17:25:00 GMT

Fuite de données chez UTWIN

identité, adresse email, numéro de téléphone

Mon Apr 07 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Cybermalveillance.gouv.fr, le Campus cyber Nouvelle Aquitaine et Cyber’Occ annoncent la signature drsquo;une convention pour intégrer lrsquo;offre de service drsquo;assistance des CSIRT territoriaux néo-aquitain et d’Occitanie dans le 17Cyber, guichet unique face à la cybermalveillance

Alors que 17Cyber a été lancé en décembre dernier, le guichet unique d’assistance conçu par Cybermalveillance.gouv.fr, la Police nationale et la Gendarmerie nationale étend ses collaborations avec des acteurs de l’écosystème tels que les CSIRT (centres de réponse à incident)…

Tue, 01 Apr 2025 15:28:00 GMT

Fuite de données chez Reporterre

nom, prénom, adresse courriel, adresse postale

Tue Apr 01 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez MAIF BPCE

nom, genre, date de naissance, situation matrimoniale et professionnelle, adresse postale, adresse email, numéro de téléphone, revenus, patrimoine, numéro de sociétaire

Fri Mar 28 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Cybermalveillance.gouv.fr dévoile les tendances de la menace cyber en France

À l’occasion de la publication de son rapport d’activité, Cybermalveillance.gouv.fr présente les tendances clés de la menace qui ont marqué l’année 2024.

Thu, 27 Mar 2025 10:18:00 GMT

Fuite de données chez Oracle Cloud

authentification LDAP, serveur SSO, clefs d’authentification

Thu Mar 27 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Centrale Nantes

rapports & projets privés, login et hash des mots de passe utilisateurs, code sources, documents administratifs

Wed Mar 26 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Cerballiance

nom, prénom, date de naissance, adresse postale, numéro de sécurité sociale, régime de mutuelle, caisse de mutuelle, date de fin de droit

Tue Mar 25 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Opération Cactus : lancement national de la campagne de sensibilisation à lrsquo;hameçonnage dans les espaces numériques de travail

En raison de la multiplication des actes malveillants visant les espaces numériques de travail (ENT), les autorités françaises en charge des sujets de cybersécurité et le ministère de l’Éducation nationale, de l’Enseignement supérieur et de la Recherche ont souhaité mener une action de…

Mon, 24 Mar 2025 22:59:00 GMT

Fuite de données chez Autosur Diagnosur

nom, prénom, adresse email et postale, numéro de téléphone, place d’immatriculation

Mon Mar 24 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Intersport

n° de transaction, n° de facture, n° de référence PayPal, code de transaction, date de début / date de fin de la transaction, transaction débitée ou créditée, montant brut de la transaction, n° de compte du payeur, pseudo de l’acheteur, adresse de livraison et de facturation, identifiant utilisateur, nom et prénom,, source de paiement, numéro de la carte de fidélité

Thu Mar 20 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Éclaireuses et Éclaireurs de France

nom, prénom, genre, date et lieu de naissance, adresse, profession, email, téléphone fixe et mobile

Thu Mar 20 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Laforêt

dossier locataire, pièces d’identité, RIB

Thu Mar 13 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Le label ExpertCyber fête ses 4 ans : retour sur cette caution reconnue par les professionnels

Lancé en 2021 par Cybermalveillance.gouv.fr, le label ExpertCyber s’est imposé comme une référence pour identifier des prestataires de confiance experts en cybersécurité. 4 ans plus tard, il compte 200 entreprises labellisées, offrant leurs services aux professionnels et aux…

Mon, 10 Mar 2025 15:24:00 GMT

Fuite de données chez UTwin

identité, adresse email, numéro de téléphone

Wed Mar 05 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez La Poste

nom, prénom, email, adresse postale, année de naissance, numéro de téléphone

Tue Mar 04 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Côté Sushi

nom, prénom, date de naissance, coordonnées de contact, programme de fidélité

Tue Mar 04 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez École Nationale de la Sécurité

civilité, nom, prénom, date de naissance, adresse, téléphone, email, ville et payes de naissance, nationalité, numéro de sécurité sociale, numéro Pôle Emploi, numéro carte VTC, diplôme, niveau d’étude

Fri Feb 28 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Zephir

nom, prénom, email, téléphone, IBAN

Fri Feb 28 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez EDF DPIH

plan d’intervention et de maintenance des centrales, résultats des contrôles et opérations de sécurité, identifiants des agents de maintenance

Fri Feb 28 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Nord Emploi

nom, prénom, téléphone, adresse, n° allocataire, organisme référent, formulaire RSA & CAF, CV, date ouverture des droits, date de cessation d’inscription, notification projet personnalisé, modalité accompagnement, status analphabétisme, capacité à utiliser des outils informatiques, solution de garde d’enfant, soutien par un réseau professionnel, nombre de candidatures, vie professionnelle, expérience associative et professionnelle, formations, savoir-faire, métiers envisagés, centre d’intérêt, certification, langue, connaissance des outils bureautique, permis de conduire

Wed Feb 26 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Fédération Française de Foot

nom, prénom, genre, date et lieu de naissance, nationalité, adresse postale, adresse email, numéro de téléphone, photo, copie du justificatif d’identité

Fri Feb 21 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Service Départemental d'Incendie et de Secours de la Vienne

Wed Feb 19 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Sport Découverte

nom, prénom, date de naissance, numéro de téléphone, adresse mail

Mon Feb 17 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Mutuelle des motards

nom, prénom, adresse email, numéro de téléphone, code postal

Thu Feb 13 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Chronopost

nom, prénom, numéro de téléphone, adresse, signature

Wed Feb 12 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Caisse des dépôts et des consignations

70 000 personnes

Wed Feb 12 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Découvrez « Cyber en Clair », la nouvelle campagne de sensibilisation de Cybermalveillance.gouv.fr destinée aux jeunes

À l’occasion de la 22ème édition du Safer Internet Day, la journée internationale pour un Internet plus sûr, Cybermalveillance.gouv.fr lance Cyber en Clair, une campagne pour sensibiliser les jeunes aux usages du numérique. Qu’est-ce que la cybersécurité ? Les téléchargements…

Tue, 11 Feb 2025 09:39:00 GMT

Fuite de données chez King Jouet

nom, prénom, email, numéro de téléphone, détail de la commande

Tue Feb 11 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Espace-Recettes.fr Vorwerk

nom complet, adresse postale, adresse email, numéro de téléphone, données de préférence Thermomix

Thu Feb 06 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez AIDES

nom, prénom, date de naissance, adresse postale, téléphone, adresse email, IBAN, numéro de sécurité sociale, résultat d’examen de santé

Mon Jan 27 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez E.Leclerc

nom, prénom, adresse email, identifiant d’accès, numéro de dossier, montant de prime, libellé de prestation

Fri Jan 24 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Fédération Française Montagne Escalade

nom, prénom, adresse postale, adresse email, identifiant, date de naissance, numéro de téléphone

Fri Jan 24 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Fédération Française de la montagne et de l'escalade

nom, prénom, sexe, date de naissance, adresse postale, téléphone, adresse email

Thu Jan 23 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

#PrenezLaConfiance : six acteurs français engagés lancent une campagne commune pour sensibiliser les citoyens aux bons réflexes et améliorer leur confiance dans leurs usages du numérique

Réunis dans le consortium Confiance numérique du quotidien, la Caisse des Dépôts, la Croix-Rouge française, Cybermalveillance.gouv.fr, Docaposte, Inria et Orange lancent, ce 20 janvier, une campagne nationale de sensibilisation aux bons réflexes auprès du grand public. Elle vise à…

Wed, 22 Jan 2025 09:04:00 GMT

Cybermalveillance.gouv.fr lance une AlerteCyber concernant des failles de sécurité critiques dans les produits Microsoft

Cybermalveillance.gouv.fr déclenche ce jour une nouvelle AlerteCyber concernant des failles de sécurité critiques dans les produits Microsoft. Il est primordial de les corriger le plus rapidement possible en mettant à jour les systèmes concernés pour réduire les risques d’une cyberattaque.

Mon, 20 Jan 2025 17:49:00 GMT

Alerte Cyber : Failles de sécurité critiques dans les produits Microsoft

Failles de sécurité critiques dans les produits Microsoft Date de l’alerte : 20/01/2025 Risques Espionnage, vol, voire destruction de vos données suite à la prise de contrôle à distance de vos équipements concernés. …

Mon, 20 Jan 2025 13:07:00 GMT

Fuite de données chez Fédération Française de tir à l'arc

nom, prénom, sexe, date de naissance, adresse postale, téléphone, adresse email, photo de profil

Mon Jan 20 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Kiabi

nom, prénom, date de naissance, IBAN

Tue Jan 14 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Fédération Française de Roller Skateboard

nom, prénom, adresse email, adresse postale, date et lieu de naissance, numéro de téléphone, numéro de licence

Tue Jan 14 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Fédération Française de Force

64 512 comptes

Tue Jan 14 2025 01:00:00 GMT+0100 (heure normale d’Europe centrale)

L’association ECTI rejoint Cybermalveillance.gouv.fr

Créé en 2017 par l’ANSSI et le ministère de l’Intérieur pour permettre à l’État d’apporter une réponse au grand public, aux entreprises et aux collectivités, Cybermalveillance.gouv.fr (GIP ACYMA) accueille 1 nouvelle entité au sein de son dispositif qui compte désormais 64 membres : ECTI.

Thu, 09 Jan 2025 08:12:00 GMT

Fuite de données chez Cogitis

82Go

Tue Dec 31 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Atos

Mon Dec 30 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Arsoé

Fri Dec 27 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Volkswagen

données client, localisation

Fri Dec 27 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Peugeot

Thu Dec 26 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Cyberhaven

Wed Dec 25 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Wakanim

Fri Dec 20 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Sport 2000

Fri Dec 20 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Go Sport

Fri Dec 20 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Electro Dépôt

Fri Dec 20 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Top Achat

nom, prénom, email, addresse

Thu Dec 12 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Deloitte

Wed Dec 04 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Guy Demarle

nom, prénom, adresse postale, adresse email, numéro de téléphone

Tue Dec 03 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Norauto

nom, prénom, adresse email, adresse postale, numéro de téléphone, numéro de pièce d’identité

Mon Dec 02 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Ze Camping

nom, prénom, login, mot de passe hashé, date de naissance, téléphone, adresse postale

Wed Nov 27 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez JVS

nom, prénom, adresse email, login, numéro de téléphone, collectivité

Tue Nov 26 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez SFR

nom, prénom, adresse email, adresse postale, code postal, ville, date de naissance, département de naissance, numéro de téléphone, 150 000 IBAN

Sun Nov 24 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Banque de France

identité des employés, poste, salaire, identité des clients, comptes bancaires, historique, webmail, documents stratégiques, rapports financiers

Sat Nov 23 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Companie de Transport Strasbourgeoise

inconnu

Fri Nov 22 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Chambres d’agriculture

Thu Nov 21 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Auchan

nom, prénom, adresse email, adresse postale, téléphone, composition familiale, date de naissance, numéro de carte de fidélité, montant de la cagnotte

Tue Nov 19 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Mediboard

nom, prénom, date de naissance et de décès, genre, numéro de téléphone, médecin traitant, prescriptions médicales, identifiant externe, historique des soins

Tue Nov 19 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Direct Assurance

nom, adresse email, numéros de téléphone, IBAN

Tue Nov 19 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Le Point

nom, adresse email, numéro de téléphone, adresse postale, date de naissance

Mon Nov 18 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Huttopia

nom, prénom, adresse email

Thu Nov 14 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Molotov

adresse email, nom, prénom, date de naissance

Wed Nov 13 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Picard

nom, prénom, date de naissance, adresse email, adresse postale, numéro de téléphone, numéro de carte de fidélité, points de fidélité, bons de réduction, historique des commandes, tickets de caisse, liste d’achats, favoris d’achat

Tue Nov 12 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Free Mobile

nom, prénom, date de naissance, lieu de naissance, adresse email, adresse postale, identifiant abonné, type d’offre souscrite, date de souscription, abonnement actif ou non

Fri Oct 25 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Free

nom, prénom, date de naissance, lieu de naissance, adresse email, adresse postale, IBAN, identifiant abonné, type d’offre souscrite, date de souscription, abonnement actif ou non

Fri Oct 25 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Ornikar

nom, prénom, date de naissance, adresse email, adresse postale, numéro de téléphone

Thu Oct 24 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Meilleurtaux

nom, prénom, date de naissance, pays de naissance, adresse postale, numéro de téléphone, situation professionnelle, situation familiale, revenus

Mon Sep 30 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez RED by SFR

nom, prénom, adresse email, adresse postale, numéro de téléphone, IBAN, type de forfait, identifiant de la carte SIM, identifiant du smartphone

Wed Sep 18 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Assurance retraite

nom, prénom, adresse, numéro de Sécurité sociale, montant approximatif des ressources

Fri Sep 13 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Cybertek

nom, prénom, adresse email, adresse postale, numéro de téléphone

Thu Sep 12 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Cultura

nom, prénom, adresse email, adresse postale, numéro de téléphone, historique des commandes

Tue Sep 10 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Boulanger

nom, prénom, adresse email, adresse postale, numéro de téléphone

Sat Sep 07 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Ticketmaster

nom, prénom, adresse email, adresse postale, numéro de téléphone, distorique des transactions, détails des commandes, informations bancaires (4 derniers numéros de la carte enregistrée et date d’expiration)

Sun Apr 28 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez Le Slip Français

nom, prénom, téléphones, adresse postale, adresse email, numéros de commandes

Mon Apr 15 2024 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

Fuite de données chez France Travail

nom, prénom, numéro de sécurité sociale, adresse email, adresse postale, numéro de téléphone, identifiants France Travail

Fri Mar 08 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez LDLC

nom, prénom, adresse email, adresse postale, numéro de téléphone

Fri Mar 01 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Almerys, Viamedis

nom, prénom, date de naissance, numéro de sécurité sociale, nom de l’assureur de santé, contrat souscrit

Tue Feb 06 2024 01:00:00 GMT+0100 (heure normale d’Europe centrale)

Fuite de données chez Dailymotion

nom d'utilisateur, adresse email, Hachage des mots de passe

Sat Oct 01 2016 02:00:00 GMT+0200 (heure d’été d’Europe centrale)