CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
Month: January 2025
CISA: Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways Ivanti released security updates to address vulnerabilities (CVE-2025-0282,...
[ABYSS] – Ransomware Victim: kingpower[.]com
Ransomware Group: ABYSS VICTIM NAME: kingpowercom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
CVE Alert: CVE-2025-22585
Vulnerability Summary: CVE-2025-22585 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Ultimate Image Hover Effects...
CVE Alert: CVE-2025-22582
Vulnerability Summary: CVE-2025-22582 Cross-Site Request Forgery (CSRF) vulnerability in Scott Nellé Uptime Robot allows Stored XSS.This issue affects Uptime Robot:...
CVE Alert: CVE-2025-22571
Vulnerability Summary: CVE-2025-22571 Cross-Site Request Forgery (CSRF) vulnerability in Instabot Instabot allows Cross Site Request Forgery.This issue affects Instabot: from...
CVE Alert: CVE-2025-22584
Vulnerability Summary: CVE-2025-22584 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pluginspoint Timeline Pro allows DOM-Based...
CVE Alert: CVE-2025-22572
Vulnerability Summary: CVE-2025-22572 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brianmiyaji Legacy ePlayer allows Stored...
CVE Alert: CVE-2025-22581
Vulnerability Summary: CVE-2025-22581 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bytephp Arcade Ready allows Stored...
CVE Alert: CVE-2025-22580
Vulnerability Summary: CVE-2025-22580 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biltorvet A/S Biltorvet Dealer Tools...
CVE Alert: CVE-2025-22593
Vulnerability Summary: CVE-2025-22593 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burria Laika Pedigree Tree allows...
CVE Alert: CVE-2025-22579
Vulnerability Summary: CVE-2025-22579 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly WP Header Notification allows...
CVE Alert: CVE-2025-22592
Vulnerability Summary: CVE-2025-22592 Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs.This issue...
HackerOne Bug Bounty Disclosure: sql-injection-in-url-path-leads-to-database-access-tinopreter
Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:tinopreterLink to Submitters Profile:https://hackerone.com/tinopreter Report Title:SQL injection in URL path leads...
HackerOne Bug Bounty Disclosure: otp-code-leaked-in-api-response-tinopreter
Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:tinopreterLink to Submitters Profile:https://hackerone.com/tinopreter Report Title:OTP code Leaked in API Response...
HackerOne Bug Bounty Disclosure: yet-another-otp-code-leaked-in-the-api-response-tinopreter
Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:tinopreterLink to Submitters Profile:https://hackerone.com/tinopreter Report Title:Yet Another OTP code Leaked in...
[AKIRA] – Ransomware Victim: Press Color
Ransomware Group: AKIRA VICTIM NAME: Press Color NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
CVE Alert: CVE-2024-12430
Vulnerability Summary: CVE-2024-12430 An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the...
CVE Alert: CVE-2025-22590
Vulnerability Summary: CVE-2025-22590 Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere allows Stored XSS.This issue affects Prayer Times...
CVE Alert: CVE-2025-22589
Vulnerability Summary: CVE-2025-22589 Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet allows Stored XSS.This issue affects Quote Tweet: from...
CVE Alert: CVE-2025-22591
Vulnerability Summary: CVE-2025-22591 Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue...
CVE Alert: CVE-2024-12429
Vulnerability Summary: CVE-2024-12429 An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in...
CVE Alert: CVE-2024-55555
Vulnerability Summary: CVE-2024-55555 Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the...
CVE Alert: CVE-2025-0299
Vulnerability Summary: CVE-2025-0299 A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an...
