Aggregator

CVE-2025-6403 | code-projects School Fees Payment System 1.0 /student.php ID sql injection

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-6403. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-6402 | TOTOLINK X15 1.0.0-B20230714.1105 HTTP POST Request /boafrm/formIpv6Setup submit-url buffer overflow

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability was named CVE-2025-6402. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-6401 | TOTOLINK N300RH 6.1c.1390_B20191101 HTTP POST Message /boafrm/formFilter url denial of service

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. This vulnerability is uniquely identified as CVE-2025-6401. Access to the local network is required for this attack. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-6400 | TOTOLINK N300RH 6.1c.1390_B20191101 HTTP POST Message /boafrm/formPortFw service_type buffer overflow

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument service_type leads to buffer overflow. This vulnerability is handled as CVE-2025-6400. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-4981 | Mattermost up to 9.11.15/10.5.5/10.6.5/10.7.2/10.8.0 uncontrolled search path

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability has been found in Mattermost up to 9.11.15/10.5.5/10.6.5/10.7.2/10.8.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. This vulnerability is known as CVE-2025-4981. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-6399 | TOTOLINK X15 1.0.0-B20230714.1105 HTTP POST Request /boafrm/formIPv6Addr submit-url buffer overflow

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is traded as CVE-2025-6399. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5255 | Core.ai Phoenix Code up to 4.0.3 com.apple.security.cs.disable-library-validation DYLD_INSERT_LIBRARIES default permission

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Core.ai Phoenix Code up to 4.0.3. This issue affects some unknown processing of the component com.apple.security.cs.disable-library-validation. The manipulation of the argument DYLD_INSERT_LIBRARIES leads to incorrect default permissions. The identification of this vulnerability is CVE-2025-5255. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months 3 weeks ago

Zimperium zLabs has uncovered a highly advanced iteration of the GodFather Android banking malware, which employs a groundbreaking on-device virtualization technique to compromise legitimate mobile banking and cryptocurrency applications. Unlike traditional overlay attacks that merely mimic login screens, this malware creates a fully isolated virtual environment on the victim’s device, enabling attackers to monitor and […]

The post GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-5963 | Postbox 7.0.65 on macOS com.apple.security.cs.disable-library-validation DYLD_INSERT_LIBRARIES default permission

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability classified as critical was found in Postbox 7.0.65 on macOS. This vulnerability affects unknown code of the component com.apple.security.cs.disable-library-validation. The manipulation of the argument DYLD_INSERT_LIBRARIES leads to incorrect default permissions. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-5963. The attack needs to be approached locally. There is no exploit available.
vuldb.com

Managed ad