Aggregator

Roundcube Webmail under fire: critical exploit found after a decade

Security Affairs
3 months 2 weeks ago
A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code. A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, an attacker can exploit the flaw to take control […]
Pierluigi Paganini

CVE-2025-5632 | code-projects/anirbandutta9 Content Management System/News-Buzz 1.0 /admin/users.php change_to_admin sql injection

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. This vulnerability is known as CVE-2025-5632. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5631 | code-projects/anirbandutta9 Content Management System/News-Buzz 1.0 /publicposts.php post sql injection

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. This vulnerability is traded as CVE-2025-5631. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5598 | WF Steuerungstechnik airleader MASTER 3.0046 path traversal (msec-2025-004 / EUVD-2025-16866)

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability was found in WF Steuerungstechnik airleader MASTER 3.0046 and classified as problematic. This issue affects some unknown processing. The manipulation leads to path traversal: '.../...//'. The identification of this vulnerability is CVE-2025-5598. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5630 | D-Link DIR-816 1.10CNB05 form2lansetup.cgi ip stack-based overflow

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-5630. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5629 | Tenda AC10 up to 15.03.06.47 HTTP /goform/SetPptpServerCfg formSetPPTPServer startIp/endIp buffer overflow

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-5629. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Cyber Attacks on Government Agencies: Detect and Investigate with ANY.RUN for Fast Response

Anyrun
3 months 2 weeks ago

Government institutions worldwide face a growing number of sophisticated cyberattacks. This case study examines how ANY.RUN’s solutions can be leveraged to detect, analyze, and mitigate cyber threats targeting government organizations.  By analyzing real-world threats, we demonstrate how ANY.RUN’s Threat Intelligence Lookup, Interactive Sandbox, and YARA Search assist cybersecurity teams in identifying attack vectors, tracking malicious […]

The post Cyber Attacks on Government Agencies: Detect and Investigate with ANY.RUN for Fast Response appeared first on ANY.RUN's Cybersecurity Blog.

4OURUP

CVE-2025-5628 | SourceCodester Food Menu Manager 1.0 Add Menu /index.php name/description cross site scripting

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. This vulnerability is handled as CVE-2025-5628. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5627 | code-projects Patient Record Management System 1.0 /sputum_form.php itr_no sql injection

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. This vulnerability is known as CVE-2025-5627. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 2 weeks ago

The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised as invitations to an academic forum hosted by a South Korean national security think tank, these emails cleverly referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s […]

The post APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad