Aggregator

A vulnerability identified as problematic has been detected in SeaCms 12.1. Affected is an unknown function of the component Management Custom Label Module. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2023-37125. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in SeaCms 12.1. Affected by this vulnerability is an unknown functionality of the component Setup Module. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-37124. The attack can be launched remotely. No exploit exists.

A vulnerability identified as problematic has been detected in Bagecms 3.1.0. This affects an unknown part of the component Custom Settings Module. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2023-37122. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, has been found in code-projects Hospital Information System 1.0. Impacted is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-37070. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability has been found in code-projects Online Hospital Management System 1.0 and classified as critical. The impacted element is an unknown function of the component Field Handler. The manipulation of the argument loginid/password leads to sql injection. This vulnerability is documented as CVE-2023-37069. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as problematic, has been found in Guangzhou Yeroo Tech iDS6 DSSPro Digital Signage System 4.3/5.6 B2017.07.12.1757/6.2 B2014.12.12.1220. The affected element is an unknown function of the component AutoSave Feature. This manipulation causes cleartext transmission of sensitive information. This vulnerability is tracked as CVE-2020-36917. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability has been found in Cloudways Breeze Plugin up to 2.2.21 on WordPress and classified as critical. The affected element is an unknown function. Performing a manipulation results in missing authorization. This vulnerability is identified as CVE-2025-69364. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in CyberChimps Responsive Addons for Elementor Plugin up to 2.0.8 on WordPress and classified as critical. The impacted element is an unknown function. Executing a manipulation can lead to missing authorization. This vulnerability is tracked as CVE-2025-69363. The attack can be launched remotely. No exploit exists.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

“If I’m confirmed for this, I think my role is to be objective about that as that comes up, or if it continues to come up as a topic,” Rudd said.

The post Trump’s cyber chief pick tells lawmakers he’ll assess efficacy of Cybercom-NSA dual-hat role, if confirmed appeared first on CyberScoop.

The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. [...]

A vulnerability classified as problematic was found in Chamilo LMS up to 1.11.20. The affected element is an unknown function of the component Classes Management. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2023-37067. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability classified as critical was found in code-projects Gym Management System 1.0. This affects an unknown function of the component Login Form. Such manipulation of the argument Password leads to sql injection. This vulnerability is traded as CVE-2023-37068. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Chamilo LMS up to 1.11.20. Impacted is an unknown function of the component Skills Wheel. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2023-37066. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.

A researcher who discovered the vulnerability said it was fixed in December, after he first reported it to the agency in September.

The post CISA’s secure-software buying tool had a simple XSS vulnerability of its own appeared first on CyberScoop.

Ransomware Attack Update - January 15th, 2026

A vulnerability identified as critical has been detected in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. This vulnerability is known as CVE-2025-15262. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in danny-avila LibreChat up to 0.8.2-rc1. This affects an unknown function of the component Agents File Handler. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2025-69220. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in danny-avila LibreChat 0.8.2-rc2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Actions Feature. The manipulation results in server-side request forgery. This vulnerability is identified as CVE-2025-69222. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in iWT FaceSentry Access Control System 6.4.8. This affects an unknown part. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is documented as CVE-2019-25278. The attack can be initiated remotely. There is not any exploit available.