Aggregator

A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. This vulnerability was named CVE-2025-5696. The attack can be initiated remotely. Furthermore, there is an exploit available.

Web and mobile application code protection is a must-have security control. Modern solutions such as application layer firewall help your organisation to keep those assets protected from threats like SQL injection, cross-site scripting and bot-driven attacks. This is where a Web Application Firewall (WAF) comes into the picture. A WAF has the capability of filtering, […]

The post Web Application Firewall (WAF) Best Practices For Optimal Security appeared first on Security Boulevard.

Submit #588324 / VDB-311214

Submit #588323 / VDB-311213

Submit #588316 / VDB-311212

A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-5695. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #584532 / VDB-311211

Submit #585716 / VDB-311211

Submit #585715 / VDB-311211

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. This vulnerability is handled as CVE-2025-5694. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is known as CVE-2025-5693. The attack can be launched remotely. Furthermore, there is an exploit available.

A group Google is tracking as UNC6040 has been tricking users into installing a malicious version of a Salesforce app to gain access to and steal data from the platform.

Submit #590253 / VDB-310331

Submit #590184 / VDB-311210

Submit #590183 / VDB-311209

Submit #590159 / VDB-309284

Submit #590157 / VDB-309285

In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. [...]

Rate limiting plays a major role in application security, especially when it is about defending web applications from malicious bot attacks, credential stuffing, brute force attacks and excessive API calls. Rate limiting security ensures that systems function properly without overwhelming them. It controls the number of requests a client or a specific IP address can […]

The post Securing Against Attacks: How WAF Rate Limiting Works appeared first on Security Boulevard.

A vulnerability was found in Listmonk up to 4.1.0. It has been classified as critical. Affected is the function QuerySubscribers. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-46011. It is possible to launch the attack remotely. There is no exploit available.