Aggregator

Submit #645388 / VDB-323079

Submit #645387 / VDB-323078

Submit #645386 / VDB-323077

A vulnerability labeled as critical has been found in Campcodes Online Loan Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_payment. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-10109. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Campcodes Online Loan Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_loan. Performing manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2025-10108. The attack may be initiated remotely. In addition, an exploit is available.

Submit #645383 / VDB-323076

本文提出了一种名为 GlareShell 的创新性PHP Webshell检测框架，该框架基于图学习技术，融合了语义嵌入、风险权重分配和图神经网络分类三重机制。

Submit #645379 / VDB-323075

Submit #645378 / VDB-323074

Wealthsimple reported a data breach affecting some customers due to a supply chain attack via a third-party software package. Canadian investment platform Wealthsimple disclosed a data breach that impacted some customers. The company discovered the security breach on August 30, which stemmed from a supply chain attack via a trusted third-party software package. “On August 30th, […]

MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity…

A vulnerability categorized as critical has been discovered in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. This vulnerability is uniquely identified as CVE-2025-10106. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. This vulnerability is handled as CVE-2025-10105. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Microsoft .NET 6.0, .NetCore.App.Runtime.linux-arm, .NetCore.App.Runtime.linux-arm64, .NetCore.App.Runtime.linux-musl-arm, .NetCore.App.Runtime.linux-musl-arm64, .NetCore.App.Runtime.linux-musl-x64, .NetCore.App.Runtime.linux-x64, .NetCore.App.Runtime.osx-arm64, .NetCore.App.Runtime.osx-x64, .NetCore.App.Runtime.win-arm, .NetCore.App.Runtime.win-arm64, .NetCore.App.Runtime.win-x64 and .NetCore.App.Runtime.win-x86 up to 6.0.36. It has been declared as problematic. Affected by this vulnerability is the function malloc in the library msdia140.dll. The manipulation results in integer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-36853. It is possible to launch the attack remotely. No exploit is available.

Submit #645354 / VDB-323073

Submit #645341 / VDB-323072

Organizations are seeking assistance to fix critical vulnerabilities. Solutions that orchestrate and automate network device protection put us on the right path.

A massive data breach in early September 2025 attributed to a cyber actor known simply as “Kim” laid bare an unprecedented view into the operational playbook of Kimsuky (APT43). The leak, comprising terminal history files, phishing domains, OCR workflows, compiled stagers, and a full Linux rootkit, revealed a credential-centric campaign that targeted South Korean government […]

The post Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure appeared first on Cyber Security News.

Более 600 уязвимых NetScaler в Рунете.