Aggregator

A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-4291. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Codeastro Bus Ticket Booking System 1.0. It has been classified as problematic. Affected is an unknown function of the component User Profile Handler. The manipulation of the argument ID leads to improper control of resource identifiers. This vulnerability is traded as CVE-2025-25777. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-4806. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. This vulnerability is uniquely identified as CVE-2025-4807. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in MultiVendorX Plugin up to 4.2.22 on WordPress. Affected is the function delete_fpm_product. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-4101. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /vpms/users/login.php. The manipulation of the argument emailcont leads to sql injection. This vulnerability is traded as CVE-2025-45885. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. This vulnerability was named CVE-2025-4909. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in LibreNMS up to 25.4.x. It has been classified as problematic. Affected is an unknown function of the file /poller/groups. The manipulation of the argument group name leads to cross site scripting. This vulnerability is traded as CVE-2025-47931. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_delivery_update.php. The manipulation of the argument uploaded_file_cancelled leads to unrestricted upload. The identification of this vulnerability is CVE-2025-4923. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name leads to sql injection. This vulnerability is known as CVE-2025-4814. The attack can be launched remotely. Furthermore, there is an exploit available.

Estonia said a man is suspected of unlawfully accessing a customer card database managed by Allium UPI, the parent company of the Apotheka pharmacy chain, in February 2024.

A critical security vulnerability in the popular TI WooCommerce Wishlist plugin has left over 100,000 WordPress websites exposed to potential cyberattacks, with security researchers warning of imminent exploitation risks. The vulnerability, designated as CVE-2025-47577 and assigned the maximum CVSS score of 10.0, enables unauthenticated attackers to upload arbitrary files to affected websites, potentially leading to […]

The post WordPress TI WooCommerce Wishlist Plugin Vulnerability Exposes 100,000+ Websites To Cyberattack appeared first on Cyber Security News.

This is the first time Czech authorities have officially called out a nation-state over a cyber-attack

Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,

Cybercriminals leveraged critical vulnerabilities in remote monitoring software to breach a managed service provider and attack multiple customers. Cybersecurity researchers at Sophos have revealed details of a sophisticated attack where threat actors exploited vulnerabilities in SimpleHelp remote monitoring and management (RMM) software to deploy DragonForce ransomware across multiple organizations through a managed service provider (MSP). […]

The post Hackers Exploit SimpleHelp RMM Tool to Deploy DragonForce Ransomware appeared first on Cyber Security News.