-
CVE-2025-22597 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID: CVE-2025-22597
Published: Jan. 10, 2025, 4:15 p.m. | 1 day, 23 hours ago
Description: WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected…
-
CVE-2025-22152 – “Atheos Remote File Inclusion Vulnerability”
CVE ID: CVE-2025-22152
Published: Jan. 10, 2025, 4:15 p.m. | 1 day, 23 hours ago
Description: Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can…
-
CVE-2024-57687 – PHPGurukul Land Record System OS Command Injection
CVE ID: CVE-2024-57687
Published: Jan. 10, 2025, 2:15 p.m. | 2 days, 1 hour ago
Description: An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the “Cookie” GET request parameter.
Severity: 9.8 | CRITICAL
-
CVE-2024-57686 – PHPGurukul Land Record System Cross Site Scripting Vulnerability
CVE ID: CVE-2024-57686
Published: Jan. 10, 2025, 2:15 p.m. | 2 days, 1 hour ago
Description: A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the “pagetitle” parameter.
Severity: 9.8 | CRITICAL
-
CVE-2024-41787 – IBM Engineering Requirements Management DOORS Next Remote Code Execution (RCE)
CVE ID: CVE-2024-41787
Published: Jan. 10, 2025, 2:15 p.m. | 2 days, 1 hour ago
Description: IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute…
-
TheCyberThrone Security Weekly Review – January 11, 2025
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 11, 2025. Redis was affected by CV …
Published Date: Jan 12, 2025 (2 hours, 1 minute ago)
Vulnerabilities have been mentioned in this…
-
Chinese MirrorFace APT targets Japan
The MirrorFace Advanced Persistent Threat (APT) group, also known as Earth Kasha, has been linked to a series of cyber-attacks targeting Japan. These attacks have been ongoing since 2019 and have prim …
Published Date: Jan 12, 2025 (6 hours, 11 minutes ago)
Vulnerabilities have been mentioned in this article.…
-
Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Ivanti has fixed two vulnerabili …
Published Date: Jan 12, 2025 (7 hours, 4 minutes ago)
Vulnerabilities have been mentioned in…
-
CVE-2024-5594 impacts OpenVPN
CVE-2024-5594 is a critical vulnerability identified in OpenVPN versions prior to 2.6.11. This vulnerability stems from improper sanitization of PUSH_REPLY messages, which allows attackers to inject u …
Published Date: Jan 12, 2025 (13 hours, 44 minutes ago)
Vulnerabilities have been mentioned in this article. CVE-2024-12847 CVE-2024-53704 CVE-2024-5594 CVE-2024-54677 CVE-2024-50379 CVE-2024-49415 Go…
-
CVE-2025-22777 (CVSS 9.8): Critical Security Alert for GiveWP Plugin with 100,000 Active Installations
A severe vulnerability has been identified in the GiveWP plugin, one of WordPress’s most widely used tools for online donations and fundraising. Tracked as CVE-2025-22777, the flaw has a CVSS score of …
Published Date: Jan 12, 2025 (14 hours, 44 minutes…