CVE-2025-55089
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execution after receiving a crafted...
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in the _nx_ipv4_packet_receive() function when receiving an Ethernet frame with less than 4...
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment. More information: https://cve.naver.com/detail/cve-2025-62583.html
Whale Browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment. More information: https://cve.naver.com/detail/cve-2025-62584.html
Whale Browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment. More information: https://cve.naver.com/detail/cve-2025-62585.html
The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user...
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘process_plugin_actions’ function called via an AJAX action in versions up to, and including,...
The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the ‘fb_ajax_login_or_register’ function and in the ‘google_ajax_login_or_register’ function....
The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the ‘cwp_addons_update_plugin_cb’ function in all versions up to, and including, 1.0.14. This makes it possible...
Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual and is enabled in the initial configuration. Anyone with knowledge of the related credentials can...
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions. More information: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124512
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for...
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions. More information...
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on...