Aggregator

A vulnerability identified as problematic has been detected in Open Design Alliance CDE inWEB SDK. This impacts an unknown function of the component Setting Handler. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2024-12564. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. It has been declared as critical. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-10087. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, has been found in Bender CC612, CC613, ICC15xx, ICC16xx and ICC13xx. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is documented as CVE-2025-41708. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in Bender CC612, CC613, ICC16xx and ICC13xx up to 5.33.2. This issue affects some unknown processing. The manipulation results in insufficiently protected credentials. This vulnerability is reported as CVE-2025-41682. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in Apache Jackrabbit Core and Jackrabbit JCR Commons. The impacted element is an unknown function of the component JNDI Handler. Such manipulation leads to injection. This vulnerability is listed as CVE-2025-58782. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in SourceCodester Time Tracker 1.0. It has been rated as problematic. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. This vulnerability was named CVE-2025-10088. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as critical was found in WAGO Coupler 0750-0362, 0000-0001, 0040-0000, K013-1080, K019-7576, Coupler 0750-0363, Coupler 0750-0364, 0040-0010, Coupler 0750-0365 and Coupler 0750-0366 up to FW12. This affects an unknown part. Executing manipulation can lead to incorrect permission assignment. This vulnerability is registered as CVE-2025-41664. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

源代码中存在越南语注释表明，出于经济动机的威胁行为者可能是讲越南语的人员。

速更新至最新版本

根据 2025 Australia Plays study，82% 的澳大利亚人玩游戏。有 1241 个澳大利亚家庭参与了调查，年龄都在 18 岁以上。结果显示，74% 的家庭有两台或以上游戏设备，近半数家庭有三台或以上游戏设备。87% 的澳大利亚玩家玩主机游戏， 71% 玩手游，58% 玩 PC 游戏。玩家平均年龄 35 岁，81% 的玩家年龄超过 18 岁，三分之二的退休年龄成年人也在玩游戏。77% 的人喜欢玩社交类游戏，但年龄越大的人越倾向于独自玩游戏。女性玩家超过半数，男性占 48%，这是该系列调查首次发现女性玩家占半数以上。

Palo Alto Networks, Cloudflare and Zscaler were also among confirmed victims of the attack

North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,…

In a recent autonomous penetration test, a novel cross-site scripting (XSS) bypass that sidesteps even highly restrictive Web Application Firewalls (WAFs). Security researchers uncovered a ASP.NET application protected by a rigorously configured WAF. Conventional XSS payloads—breaking out of single-quoted JavaScript strings—were promptly blocked. Yet by abusing HTTP parameter pollution, the team managed to split malicious […]

The post Web Application Firewall Bypassed via JS Injection with Parameter Pollution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Новый мессенджер собирается конкурировать с лидерами рынка. Но реальность оказалась далека от амбиций.

A vulnerability has been found in Paysyspro Com Wmi 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file wmi.php. The manipulation of the argument controller leads to path traversal. This vulnerability is traded as CVE-2010-1607. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in Visocrea Com Joomla Visites 1.1. This affects an unknown function of the file core/include/myMailer.class.php. The manipulation of the argument mosConfig_absolute_path results in code injection. This vulnerability is identified as CVE-2010-2918. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Ternaria Com Vjdeo 1.0.1 and classified as problematic. The affected element is an unknown function of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is referenced as CVE-2010-1354. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Joomlamo Com Weberpcustomer up to 1.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file weberpcustomer.php. Such manipulation of the argument controller leads to path traversal. This vulnerability is documented as CVE-2010-1315. The attack can be executed remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component.

A vulnerability has been found in Dev.pucit.edu.pk Com Webtv 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is documented as CVE-2010-1470. The attack can be initiated remotely. Additionally, an exploit exists.