Aggregator

CVE-2025-5725 | SourceCodester Student Result Management System 1.0 Grading System Page grading-system Remark cross site scripting (EUVD-2025-17058)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. This vulnerability is known as CVE-2025-5725. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5724 | SourceCodester Student Result Management System 1.0 Subjects Page subjects Subject cross site scripting (EUVD-2025-17059)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. This vulnerability is traded as CVE-2025-5724. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2017-7018 | Apple iTunes up to 12.6.1 on Windows WebKit memory corruption (HT207928 / EDB-42373)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Apple iTunes up to 12.6.1 on Windows. It has been classified as critical. This affects an unknown part of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-7018. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Qilin

Dark Feed IO
2 months 3 weeks ago

You must login to view this content

cohenido

CVE-2025-3835 | Zoho ManageEngine Exchange Reporter Plus up to 5721 Content Search Module unrestricted upload (EUVD-2025-17446)

Vuldb Updates
2 months 3 weeks ago
A vulnerability classified as critical was found in Zoho ManageEngine Exchange Reporter Plus up to 5721. Affected by this vulnerability is an unknown functionality of the component Content Search Module. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-3835. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-36528 | Zoho ManageEngine ADAudit Plus up to 8510 Service Account Auditing Report sql injection (EUVD-2025-17451)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Zoho ManageEngine ADAudit Plus up to 8510 and classified as critical. This issue affects some unknown processing of the component Service Account Auditing Report. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-36528. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5876 | Lucky LM-520-SC/LM-520-FSC/LM-520-FSC-SAM up to 20250321 missing authentication (EUVD-2025-17459)

Vuldb Updates
2 months 3 weeks ago
A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. This vulnerability is known as CVE-2025-5876. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-40668 | TCMAN GIM 11 POST Request validateChangePassword%C3%B1a authorization (EUVD-2025-17458)

Vuldb Updates
2 months 3 weeks ago
A vulnerability has been found in TCMAN GIM 11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /PC/WebService.aspx/validateChangePassword%C3%B1a of the component POST Request Handler. The manipulation of the argument idUser/PasswordActual/PasswordNew/PasswordNewRepeat leads to incorrect authorization. This vulnerability is known as CVE-2025-40668. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-27531 | Apache InLong up to 2.0.x JDBC deserialization (EUVD-2025-17317)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Apache InLong up to 2.0.x. This affects an unknown part of the component JDBC. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-27531. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40669 | TCMAN GIM 11 POST Request Options.aspx?Command=2&Page=-1 authorization (EUVD-2025-17457)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in TCMAN GIM 11 and classified as problematic. Affected by this issue is some unknown functionality of the file /PC/Options.aspx?Command=2&Page=-1 of the component POST Request Handler. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-40669. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-40670 | TCMAN GIM 11 POST Request updateUser authorization (EUVD-2025-17456)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in TCMAN GIM 11. It has been classified as problematic. This affects an unknown part of the file /PC/frmGestionUser.aspx/updateUser of the component POST Request Handler. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2025-40670. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Qilin

Dark Feed IO
2 months 3 weeks ago

You must login to view this content

cohenido

New Blitz Malware Targets Windows Servers to Deploy Monero Miner

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 3 weeks ago

A new Windows-based malware named Blitz has been identified in 2024, with an updated version detected in early 2025. This malware, actively developed and distributed through deceptive game cheats, poses a significant threat by deploying a Monero cryptocurrency miner alongside information-stealing and denial-of-service (DoS) capabilities. Detailed analysis by Palo Alto Networks’ Unit 42 reveals that […]

The post New Blitz Malware Targets Windows Servers to Deploy Monero Miner appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Next-Gen Developers Are a Cybersecurity Powder Keg

darkreading
2 months 3 weeks ago
AI coding tools promise productivity but deliver security problems, too. As developers embrace "vibe coding," enterprises face mounting risks from insecure code generation that security teams can't keep pace with.
Pieter Danhieux

OpenAI Shuts Down ChatGPT Accounts Linked to Russian, Iranian & Chinese Cyber

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 3 weeks ago

In an era where artificial intelligence (AI) is reshaping every facet of society, our mission remains steadfast: to ensure that artificial general intelligence (AGI) benefits all of humanity. By advancing AI tools that empower people to solve complex problems, we are laying the groundwork for a future where technology serves as a force for good12. […]

The post OpenAI Shuts Down ChatGPT Accounts Linked to Russian, Iranian & Chinese Cyber appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Anupriya

CVE-2025-27819 | Apache Kafka up to 3.3.2 SASL JAAS JndiLoginModule privilege escalation

VulDB Recent Entries
2 months 3 weeks ago
A vulnerability was found in Apache Kafka up to 3.3.2 and classified as critical. This issue affects some unknown processing of the component SASL JAAS JndiLoginModule Handler. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-27819. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad