Aggregator

A vulnerability, which was classified as problematic, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /searchdata.php. The manipulation of the argument searchdata leads to cross site scripting. This vulnerability is handled as CVE-2025-4862. The attack may be launched remotely. Furthermore, there is an exploit available.

The Coinbase breach exposed more than data; it revealed what most orgs still can’t see. Learn why proactive SaaS access visibility is your real defense.

The post Coinbase Breach: Can You Act Quickly to an Insider Threat? appeared first on Security Boulevard.

Submit #575384 / VDB-309405

A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. This vulnerability is known as CVE-2025-4861. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

Submit #575355 / VDB-309404

Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.

Author/Presenter: George Polivka & Unnamed User

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – GroundFloor – Rolling Out The C2: A Take On Modern Red Team Infrastructure appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-4860. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument f_mac leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-4859. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-4858. The attack can be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

Submit #575240 / VDB-243617

Submit #575234 / VDB-307476

Submit #575232 / VDB-251377

Submit #575230 / VDB-309403

Submit #575103 / VDB-309402

Submit #575101 / VDB-309401

Submit #575100 / VDB-309400

A vulnerability was found in CodeRevolution Echo RSS Feed Post Generator Plugin up to 5.4.8.1 on WordPress. It has been classified as critical. This affects the function echo_generate_featured_image. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-4391. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Crawlomatic Multipage Scraper Post Generator Plugin up to 2.6.8.1 on WordPress and classified as critical. Affected by this issue is the function crawlomatic_generate_featured_image. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-4389. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in WPBot Pro Chatbot Plugin up to 13.6.2 on WordPress and classified as critical. Affected by this vulnerability is the function qcld_openai_delete_training_file of the file wp-config.php. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-3812. The attack can be launched remotely. There is no exploit available.