Tag: CVE

  • CVE-2025-64231: WordPress – Malicious File Upload

    Unrestricted Upload of File with Dangerous Type vulnerability in “RedefiningTheWeb”, “WordPress Contact Form 7 PDF”, “Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf” allows Using Malicious Files. This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through <= 3.0.0.

    CVE: CVE-2025-64231; CVSS v3: 9.8; Published date: 18 Dec 2025; Exploitation: None; Solution: Update WordPress…

  • CVE-2025-40639: SQL Injection

    A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the ‘promo_send’ parameter in ‘/assets/php/calculate_discount.php’.

    CVE: CVE-2025-40639; CVSS v3: 9.8; Published date: 9 March 2026; Exploitation: None; Impact: Not applicable; Solution: The Eventobot team has fixed this vulnerability.

  • CVE-2025-15029: SQL Injection in Centreon Infra Monitoring

    Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Centreon Infra Monitoring (Awie export modules) allows an unauthenticated user to perform SQL injection. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04

    CVE: CVE-2025-15029; CVSS v3: 9.8 Critical; Published date: 5 Jan 2026; Impact: device…

  • CVE-2026-2316: Insufficient policy enforcement in Frames

    Vulnerability: Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    CVE: CVE-2026-2316; CVSS v3: 6.5 Medium; Published date: 11-Feb-2026; Impact: Google Chrome <145.0.7632.45; Exploitation: None; Solution: Update to the latest version of Google Chrome

  • CVE-2025-60021: Apache Remote Code Execution

    Vulnerability: Remote command injection vulnerability in the heap profiler built-in service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands.

    Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using…

  • CVE-2025-30401: WhatsApp Security Advisory

    Vulnerability: A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment…

  • CVE-2025-55177: WhatsApp zero-click vulnerability on Apple devices

    Vulnerabilities: Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability…

  • CVE-2025-55179: WhatsApp Security Advisory

    Vulnerability: Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.

    CVE: CVE-2025-55179…

  • CVE-2024-0132: Critical Vulnerability in NVIDIA Container Toolkit

    Overview: A critical security vulnerability has been disclosed in NVIDIA Container Toolkit v1.16.2 and NVIDIA GPU Operator v24.6.2. The flaw, if exploited, could allow threat actors to break out of the confines of a container and gain full access to the host machine.

    CVE: CVE-2024-0132, CVE-2024-0133; CVSS v3 (highest): 9.0; Publish date: 09-Sep-2024; Impacted…

  • CVE-2024-7969: Multiple vulnerabilities in Google Chrome

    Overview: Multiple vulnerabilities have been reported in Google Chrome, which could allow a remote attacker to cause a Denial of Service (DoS) condition and execute arbitrary code on the targeted system.

    CVE: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198; CVSS v3 (highest): 8.8; Publish date: 21-Aug-2024; Impacted software: <=128.0.6613.113/.114 for Windows, <=128.0.6613.113/.114 for Mac, <=128.0.6613.113 for Linux; Exploit availability: No as of post date…