Aggregator

如何使用SyntaxFlow进行Java代码审计实战？

Submit #512709 / VDB-298784

A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/delete_members.php. The manipulation of the argument member_id leads to sql injection. This vulnerability is traded as CVE-2025-2039. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The identification of this vulnerability is CVE-2025-2038. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_dashboard/delete_requester.php. The manipulation of the argument requester_id leads to sql injection. This vulnerability was named CVE-2025-2037. The attack can be initiated remotely. Furthermore, there is an exploit available.

Компания объявила о запуске новой программы багбаунти.

Submit #512574 / VDB-298783

Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J. Leith from Trinity College Dublin, documents for the first time how pre-installed Google apps silently track users without seeking consent or providing any opt-out options. The research examined cookies, identifiers, […]

The post Google Silently Tracks Android Device Even No Apps Opened by User appeared first on Cyber Security News.

Submit #512564 / VDB-298782

Submit #512562 / VDB-280349

Submit #512558 / VDB-298781

Submit #512550 / VDB-298780

A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0. It has been classified as critical. This affects an unknown part of the file details.php. The manipulation of the argument pro_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-2036. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /customer_register.php. The manipulation of the argument name leads to unrestricted upload. This vulnerability is handled as CVE-2025-2035. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in OpenVPN tap-windows6 up to 9.26 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to integer overflow. This vulnerability is known as CVE-2024-1305. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in OpenVPN up to 2.5.1 and classified as problematic. This vulnerability affects unknown code of the component Control Channel Data Handler. The manipulation leads to authentication bypass by primary weakness. This vulnerability was named CVE-2020-15078. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in OpenVPN up to 2.6.10. This affects an unknown part of the component Exit Notification Handler. The manipulation leads to missing release of resource. This vulnerability is uniquely identified as CVE-2024-28882. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #512405 / VDB-298779

Submit #512404 / VDB-298778

内有福利，送20个账号注册码或300论坛币，吾爱破解论坛开放注册时间：2025年3月13日 12：00 -- 14：00 和 20：00 -- 22：00，赶紧上好闹钟顺便告诉小伙伴吧。