==========================
== Gharib Personal Blog ==
==========================
A Techi Personal Blog

CVE-2025-1408 - ProfileGrid WordPress Unauthorized Data Modification Vulnerability

CVE ID : CVE-2025-1408
Published : March 22, 2025, 5:15 a.m.
Description : The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to approve or decline join group requests, which should normally be available to administrators only.
Severity: 4.3 | MEDIUM

CVE-2024-13739 - WordPress Newsletters Reflected Cross-Site Scripting

CVE ID : CVE-2024-13739
Published : March 22, 2025, 5:15 a.m.
Description : The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the “to” parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM

A Cute Handheld Gaming Device That You Can Build In An Altoids Tin

The MintyPi was a popular project that put a Raspberry Pi inside an Altoids tin to make a pocketable gaming handheld. Unfortunately, it’s not the easiest build to replicate anymore, …

CVE-2024-13737 - Motors WordPress Car Dealer Unauthorized Data Modification Vulnerability

CVE ID : CVE-2024-13737
Published : March 22, 2025, 3:15 a.m.
Description : The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts or create listing templates. This issue requires the Elementor plugin to be installed, which is a required plugin for the Motors Starter Theme.
Severity: 4.3 | MEDIUM

CVE-2025-30472 - Corosync Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-30472
Published : March 22, 2025, 2:15 a.m.
Description : Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Severity: 9.0 | CRITICAL

Producing Syngas From CO2 and Sunlight With Direct Air Capture

There is more carbon dioxide (CO2) in the atmosphere these days than ever before in human history, and while it would be marvelous to use these carbon atoms for something …

remote Aztech DSL5005EN Router - ‘sysAccess.asp’ Admin Password Change (Unauthenticated)

remote Microsoft Windows - NTLM Hash Leak Malicious Windows Theme

webapps TeamPass 3.0.0.21 - SQL Injection

HHS Office for Civil Rights Settles HIPAA Security Rule Investigation with Health Fitness Corporation; 227k monetary penalty plus corrective action plan

From HHS’s press release today: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Health Fitness Corporation (Health Fitness), located in Illinois, that provides wellness plans to clients across the country, resolving a potential violation under the Health Insurance Portability and