Vulnerability

Overview CVE-2025-12377 describes a security vulnerability found in the Envira Photo Gallery plugin for WordPress. This vulnerability allows authenticated attackers with Author-level access or higher to perform unauthorized modifications to data, such as removing images from arbitrary galleries. The issue stems from a missing capability check on several functions within the plugin. This vulnerability affects … Read more

Overview This article provides a detailed analysis of CVE-2025-64740, a security vulnerability affecting the Zoom Workplace VDI Client for Windows. Specifically, the flaw stems from improper verification of cryptographic signatures within the installer. This improper validation may allow a local, authenticated user to elevate their privileges on the system. Technical Details CVE-2025-64740 centers around the … Read more

Overview CVE-2025-13119 identifies a Cross-Site Request Forgery (CSRF) vulnerability present in Fabian Ros/SourceCodester Simple E-Banking System version 1.0. This flaw allows an attacker to potentially execute unauthorized actions on behalf of legitimate users, posing a significant security risk. The exploit is remotely triggerable and publicly available, making prompt mitigation essential. Technical Details The vulnerability exists … Read more

Overview CVE-2025-13118 is a critical improper authorization vulnerability affecting macrozheng mall-swarm up to version 1.0.3. This vulnerability resides in the paySuccess function of the /order/paySuccess endpoint. Successful exploitation allows a remote attacker to manipulate the orderID argument, potentially gaining unauthorized access to order information and potentially manipulating order status. A public exploit is currently available, … Read more

CVE-2025-43205 is a security vulnerability affecting Apple’s iOS, iPadOS, watchOS, tvOS, and visionOS operating systems. This vulnerability stems from an out-of-bounds access issue that could potentially allow a malicious application to bypass Address Space Layout Randomization (ASLR), a critical security mechanism. Technical Details The core of the vulnerability lies in an out-of-bounds access issue. This … Read more

Overview CVE-2025-11761 describes a potential security vulnerability identified within the HP Client Management Script Library software. This vulnerability could potentially allow an attacker to escalate their privileges during the installation process. HP has released software updates to address and mitigate this risk. This article provides an overview of the vulnerability, its potential impact, and the … Read more