Aggregator

Submit #570688 / VDB-309033

Submit #570687 / VDB-309032

Submit #570686 / VDB-309031

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. This vulnerability is traded as CVE-2025-4728. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2025-4727. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

安全公司趋势科技报告，朝鲜黑客组织正使用俄罗斯网络基础设施发动攻击。朝鲜黑客组织 Void Dokkaebi aka Famous Chollima 使用了俄罗斯 Khasan 和 Khabarovsk 两个小镇的两家公司的 IP 地址，Khasan 距离两国边界只有一英里，而 Khabarovsk 与朝鲜也有经济和文化上的渊源。安全研究人员猜测朝鲜可能在两地派遣了 IT 工作人员。Void Dokkaebi 的攻击目标主要是加密货币、Web3 和区块链技术有兴趣的软件工程师，目的是要窃取他们电脑上的加密货币。网络在朝鲜属于稀缺资源，整个国家网络只被分配到 1,024 个 IP 位址。

Submit #570689 / VDB-274171

Submit #570677 / VDB-309030

Submit #570441 / VDB-309029

A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-4726. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4725. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-4724. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. This vulnerability is known as CVE-2025-4723. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. This vulnerability is traded as CVE-2025-4722. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /drive.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-4721. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #570010 / VDB-309028

Submit #569977 / VDB-309027

Submit #569974 / VDB-309026

Более 1000 фейковых email-адресов раскрыли сеть айтишников КНДР, внедрившихся в западные компании.