Aggregator

Submit #567923 / VDB-309004

A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. The identification of this vulnerability is CVE-2025-4701. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. This vulnerability affects unknown code of the file /admin/visitors-form.php. The manipulation of the argument Category leads to sql injection. This vulnerability was named CVE-2025-4699. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #567826 / VDB-309003

Submit #567827 / VDB-309003

Submit #567821 / VDB-309002

Submit #567820 / VDB-309001

Submit #567805 / VDB-309000

2025年网络空间安全学术会议征文通知

A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation of the argument email leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4698. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-directory.php. The manipulation of the argument editid leads to sql injection. This vulnerability is handled as CVE-2025-4697. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #567796 / VDB-308999

In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemic vulnerabilities in API management. As more organizations integrate AI into [...]

The post Developer Leaks API Key for Private Tesla, SpaceX LLMs appeared first on Wallarm.

The post Developer Leaks API Key for Private Tesla, SpaceX LLMs appeared first on Security Boulevard.

A critical vulnerability in Microsoft’s BitLocker full disk encryption, demonstrating that it can be bypassed in under five minutes using a software-only attack dubbed “Bitpixie” (CVE-2023-21563). A public proof-of-concept (PoC) exploit has now been released, highlighting the severity of the risk to millions of Windows devices relying on BitLocker without pre-boot authentication. How the Bitpixie […]

The post BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released appeared first on Cyber Security News.

A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is known as CVE-2025-4696. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. This vulnerability is traded as CVE-2025-4695. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #567738 / VDB-308998

Submit #567701 / VDB-283418

Submit #567695 / VDB-308997