Author: Monika Panwar
-

CVE-2025-64231: WordPress – Malicious File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb “WordPress Contact Form 7 PDF, Google Sheet & Database” (rtwwcfp-wordpress-contact-form-7-pdf) allows Using Malicious Files. This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through <= 3.0.0. | CVE: CVE-2025-64231 | CVSSv3: 9.8 | Published date: 18 Dec 2025 | Exploitation: None | Solution: Update WordPress…
-

CVE-2025-40639: SQL Injection
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the ‘promo_send’ parameter in ‘/assets/php/calculate_discount.php’. | CVE: CVE-2025-40639 | CVSSv3: 9.8 | Published Date: 9 March 2026 | Exploitation: None | Impact: Not applicable | Solution: The Eventobot team has fixed this vulnerability.
-

CVE-2025-15029: SQL Injection in Centreon Infra Monitoring
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection by an unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04 | CVE: CVE-2025-15029 | CVSSv3: 9.8 Critical | Published Date: 5 Jan 2026 | Impact: device…
-

CVE-2023-47359: VLC impacted by Buffer Overflow
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | CVE: CVE-2023-47359 | CVSSv3: 9.8 Critical | Published Date: 7 Nov 2023 | Impact: VLC < 3.0.20 | Exploitation: https://0xariana.github.io/blog/real_bugs/vlc/mms | Solution: Update your VLC software.
-

CVE-2026-2316: Insufficient policy enforcement in Frames
Vulnerability: Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVE: CVE-2026-2316 | CVSSv3: 6.5 Medium | Published date: 11-Feb-2026 | Impact: Google Chrome < 145.0.7632.45 | Exploitation: None | Solution: Update to the latest version of Google Chrome.
-

CVE-2025-60021: Apache Remote Code Execution
Vulnerability: Remote command injection vulnerability in the heap profiler built-in service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using…
-

CVE-2025-30401: WhatsApp Security Advisory
Vulnerability: A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment…
-

CVE-2025-55177: WhatsApp Zero-click vulnerability on Apple devices
Vulnerabilities: Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability…
-

CVE-2025-55179: WhatsApp Security Advisory
Vulnerability: Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild. CVE CVE-2025-55179…
