News & Sicurezza

CVE ID : CVE-2025-15440 Published : Feb. 11, 2026, 9:15 a.m. | 1 hour, 8 minutes ago Description : The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID : CVE-2025-9986 Published : Feb. 11, 2026, 9:15 a.m. | 1 hour, 8 minutes ago Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID : CVE-2025-13651 Published : Feb. 11, 2026, 9:15 a.m. | 1 hour, 8 minutes ago Description : Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID : CVE-2025-13650 Published : Feb. 11, 2026, 9:15 a.m. | 1 hour, 8 minutes ago Description : An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true . This issue affects ZeusWeb: 6.1.31. Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID : CVE-2025-13648 Published : Feb. 11, 2026, 9:15 a.m. | 1 hour, 8 minutes ago Description : An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html resulting in a stored XSS. This issue affects ZeusWeb: 6.1.31. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID : CVE-2025-13649 Published : Feb. 11, 2026, 9:15 a.m. | 1 hour, 8 minutes ago Description : An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true . This issue affects ZeusWeb: 6.1.31. Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

The 7-Zip Trap: How a 25-Year-Old Domain Was Weaponized to Turn Your PC into a Proxy Bot Security researchers have recently unveiled a sophisticated stratagem wherein adversaries gained control of the domain 7zip[.]com to proliferate deleterious software. It is paramount to note that the ... Read more Published Date: Feb 11, 2026 (15 hours, 51 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2026-21509 CVE-2025-11001 CVE-2025-0411

Silicon for a Century: Alphabet’s $32 Billion Debt Blitz Signals the Greatest Infrastructure Race in History In a concerted effort to bridge a projected $185 billion capital expenditure chasm for 2026, Alphabet, the parent organization of Google, has inaugurated an expansive debt issuance initiative. Accordi ... Read more Published Date: Feb 11, 2026 (16 hours, 3 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2026-21509 CVE-2024-50357

Windows Remote Access Connection Manager 0-Day Vulnerability Let Attackers Trigger DoS Attack Windows Remote Access Connection Manager 0-Day Vulnerability Microsoft has patched a zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, tracked as CVE-2026-21525, ... Read more Published Date: Feb 11, 2026 (16 hours, 7 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-21525

February 2026 Patch Tuesday: Six Zero-Days Among 59 CVEs Patched Microsoft has addressed 59 vulnerabilities in its February 2026 security update release. These include six actively exploited vulnerabilities, three of which were publicly known, and five Critical vul ... Read more Published Date: Feb 11, 2026 (14 hours, 9 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-23655 CVE-2026-21533 CVE-2026-21525 CVE-2026-21522 CVE-2026-21519 CVE-2026-21514 CVE-2026-21513 CVE-2026-21510 CVE-2026-24302 CVE-2026-24300 CVE-2026-21532

Microsoft dicht zes aangevallen lekken in Word, Windows en Internet Explorer Tijdens de patchdinsdag van februari heeft Microsoft updates uitgebracht voor zes actief aangevallen kwetsbaarheden in Word, Windows en Internet Explorer. Aanvallen vonden plaats voordat de patches be ... Read more Published Date: Feb 11, 2026 (14 hours, 14 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-21533 CVE-2026-21525 CVE-2026-21519 CVE-2026-21514 CVE-2026-21513 CVE-2026-21510

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.