#vulnerability


Critical flaw reported in InstaWP Connect WordPress plugin
The InstaWP Connect WordPress plugin contains a critical Local File Inclusion vulnerability (CVE-2025-2636, CVSS 9.8) in versions up to 0.1.0.85 that allows unauthenticated attackers to execute arbitrary PHP files, potentially leading to complete website compromise. Administrators should update to version 0.1.0.86 or later.

**If you have installed InstaWP Connect WordPress plugin, update it NOW. The update is trivial, and it's much easier to update a plugin and sleep easy than to worry whether you can be hacked.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


🚨 A critical authentication bypass flaw in CrushFTP is being actively exploited in ransomware campaigns! Attackers can gain unauthorized access & compromise file transfer systems. If you use CrushFTP v10 or v11, patch immediately to protect your data and business. Stay alert, monitor for suspicious activity, & review CISA guidance for mitigation steps. 🔒

Learn more: zerodaily.me/blog/2025-04-13-c

ZeroDaily - Cybersecurity News · Critical CrushFTP Authentication Bypass Vulnerability CVE-2025-31161: What You Need to Know · CISA adds critical CrushFTP authentication bypass vulnerability (CVE-2025-31161) to its Known Exploited Vulnerabilities catalog after widespread exploitation in ransomware campaigns. Learn how to protect your file transfer systems now.

#CVE fallout: The splintering of the standard #vulnerability tracking system has begun
Earlier this week, CVE program faced doom as the #US #government discontinued funding for #MITRE, the non-profit that operates the program. Uncle Sam U-turned at the very last minute.
Meanwhile, the #EU is rolling its own. #EuropeanUnion Agency for #Cybersecurity (#ENISA) developed and maintains this alternative, which is known as the #EUVD, or the European Union Vulnerability Database.
theregister.com/2025/04/18/spl

The Register · CVE fallout: The splintering of the standard vulnerability tracking system has begun · By Jessica Lyons

"The reason you begin tracking your data is that you have
some uncertainty about yourself that you believe the data
can illuminate. It’s about introspection, reflection, seeing
patterns, and arriving at realizations about who you are
and how you might change."
—Eric Boyd, self-tracker

an article by Natasha D. Schüll, 2019, "The Data-Based Self:
Self-Quantification and the Data-Driven (Good) Life" natashadowschull.org/wp-conten

#CVE Foundation just dropped a FAQ.

thecvefoundation.org/frequentl

Also, just FYI, I’ve been helping with the Foundation setup and goals articulation and logistics for the last few weeks. I didn’t expect we’d pull the trigger on being public this week, precisely, but here we are!

I’m not employed there or anything (I work at @runZeroInc) but since I care about CVE, I want to do what I can to make sure it thrives and we don’t wind up back again with 15 competing standards for #vulnerability tracking if USG funding goes 💨 poof! 💨 one day (or other single-source-funding style disasters).

Anyway, back to my ill-timed family vacation. I’ll be more online next week. :)

www.thecvefoundation.org · CVE Foundation - Frequently Asked Questions · What do you believe? We believe that CVEs are the cornerstone of cybersecurity defense. Without a common language to communicate about vulnerabilities, chaos follows. This is why the CVE Program was created 25 years ago and it is even more true today. We believe in a free, publicly available

As part of the 2022 EU NIS2 directive, the EU agency for cybersecurity (ENISA) has been setting up the EU Vulnerability Database (EUVD) at euvd.enisa.europa.eu/ (now in beta).

Started as a collaboration with MITRE's authoritative CVE database, EUVD may now end up replacing it, as US funding for the CVE database has stopped.

#enisa #euvd #cve

An acquaintance sent the following message:

"Hi,

Live from Belgium, all the public services of the French part of the country (Wallonia) are offline because a very serious intrusion has been discovered yesterday evening.

A friend told me it’s due to an exploited #zeroday #vulnerability in an Ivanti #VPN endpoint."

It looks like he is right: DNS resolution and direct access via IP are not possible.

#US #local #climate #vulnerability From the #Environmental #Defense Fund, #Texas A&M University, and Darkhorse Analytics, the US Climate Vulnerability Index combines likely climate effects with other factors,... to show “what is driving the challenges, so policymakers and communities themselves can take action to build climate resilience where it is needed most.”
map.climatevulnerabilityindex.
