Aggregator

2025年网络空间安全学术会议征文通知

A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation of the argument email leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4698. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-directory.php. The manipulation of the argument editid leads to sql injection. This vulnerability is handled as CVE-2025-4697. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #567796 / VDB-308999

In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemic vulnerabilities in API management. As more organizations integrate AI into [...]

The post Developer Leaks API Key for Private Tesla, SpaceX LLMs appeared first on Wallarm.

The post Developer Leaks API Key for Private Tesla, SpaceX LLMs appeared first on Security Boulevard.

A critical vulnerability in Microsoft’s BitLocker full disk encryption, demonstrating that it can be bypassed in under five minutes using a software-only attack dubbed “Bitpixie” (CVE-2023-21563). A public proof-of-concept (PoC) exploit has now been released, highlighting the severity of the risk to millions of Windows devices relying on BitLocker without pre-boot authentication. How the Bitpixie […]

The post BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released appeared first on Cyber Security News.

A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is known as CVE-2025-4696. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. This vulnerability is traded as CVE-2025-4695. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #567738 / VDB-308998

Submit #567701 / VDB-283418

Submit #567695 / VDB-308997

Submit #567694 / VDB-308996

Submit #567688 / VDB-265211

A vulnerability was found in Responsive Lightbox & Gallery Plugin up to 2.5.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-3742. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Telegram уничтожил крупнейшую криптопрачечную, а заодно — компанию с корнями в правительстве.

Submit #567683 / VDB-308995

Submit #567673 / VDB-308994

Google has rolled out a fresh Stable Channel update for the Chrome browser across desktop platforms, including Windows, Mac, and Linux. This update elevates Chrome to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. The deployment will occur gradually over the next few days and weeks, ensuring users worldwide receive the latest enhancements. […]

The post Google Chrome Zero-Day Vulnerability (CVE-2025-4664) Actively Exploited in The Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #567592 / VDB-199611