Aggregator

CVE-2025-5663 | PHPGurukul Auto Taxi Stand Management System 1.0 search-autoortaxi.php searchdata sql injection (EUVD-2025-16995)

Vuldb Updates
3 months 1 week ago
A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability was named CVE-2025-5663. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5639 | PHPGurukul Notice Board System 1.0 /forgot-password.php email sql injection (EUVD-2025-16969)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. This vulnerability is handled as CVE-2025-5639. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5638 | PHPGurukul Notice Board System 1.0 /admin-profile.php mobilenumber sql injection (EUVD-2025-16963)

Vuldb Updates
3 months 1 week ago
A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. This vulnerability is known as CVE-2025-5638. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User

Cyber Security News
3 months 1 week ago

A sophisticated malware distribution campaign has weaponized over 140 GitHub repositories to target inexperienced cybercriminals and gaming cheat users, representing one of the largest documented cases of supply chain attacks on the platform. The repositories, masquerading as legitimate malware tools and game cheats, contain elaborate backdoors designed to infect users who compile the seemingly authentic […]

The post Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2023-51073 | Buffalo LS210D 1.78-0.03 Firmware Update Script update_notifications.sh privilege escalation

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Buffalo LS210D 1.78-0.03. It has been classified as critical. Affected is an unknown function of the file /etc/init.d/update_notifications.sh of the component Firmware Update Script. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2023-51073. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2024-24262 | ireader media-server 1.0.0 sip-uac-transaction.c sip_uac_stop_timer use after free

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in ireader media-server 1.0.0. Affected by this issue is the function sip_uac_stop_timer of the file /uac/sip-uac-transaction.c. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-24262. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com

CVE-2025-47544 | acowebs Dynamic Pricing With Discount Rules for WooCommerce Plugin sql injection

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as critical, has been found in acowebs Dynamic Pricing With Discount Rules for WooCommerce Plugin up to 4.5.8 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-47544. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-39507 | NasaTheme Nasa Core Plugin up to 6.3.2 on WordPress filename control

Vuldb Updates
3 months 1 week ago
A vulnerability classified as problematic was found in NasaTheme Nasa Core Plugin up to 6.3.2 on WordPress. This vulnerability affects unknown code. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability was named CVE-2025-39507. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-48146 | Michael Lups SEO Flow by LupsOnline Plugin up to 2.2.0 on WordPress cross-site request forgery

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Michael Lups SEO Flow by LupsOnline Plugin up to 2.2.0 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-48146. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

Attackers exploit Fortinet flaws to deploy Qilin ransomware

Security Affairs
3 months 1 week ago
Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762, and CVE-2024-55591. “Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between […]
Pierluigi Paganini

ISMG Editors: Infosecurity Europe Conference 2025 Wrap-Up

Ransomware DataBreachToday.com
3 months 1 week ago
Also: AI's Promise and Pitfalls and Why Community, Communication, and Basics Matter
Live from Infosecurity Europe 2025 in London, ISMG editors and guest CISO Ian Thornton-Trump wrap up a week of standout insights - from AI-driven security and operational resilience to supply chain risk and mental health in cyber. A celebration of community, innovation and cybersecurity basics.

'There Will Be Pain': CISA Cuts Spark Bipartisan Concerns

Ransomware DataBreachToday.com
3 months 1 week ago
Analysis of Proposed Budget, Workforce Cuts Reveal Risks to Cyber Readiness
The Trump administration’s 2026 budget proposal would eliminate over 1,000 positions and nearly $425 million from CISA, gutting cyber ops, risk modeling and election security - prompting warnings that the U.S. is weakening its national cyber defense amid rising global threats.

Managed ad