Aggregator

A vulnerability marked as critical has been reported in Fyffe PHP-Twitter-Clone 1.0. This impacts an unknown function of the file search.php. The manipulation of the argument Name leads to sql injection. This vulnerability is referenced as CVE-2018-25364. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as problematic has been identified in Fyffe PHP-Twitter-Clone 1.0. Affected is an unknown function of the file tweetdel.php. The manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2018-25363. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in Softpedia PCViewer t1000. Affected by this vulnerability is an unknown functionality. This manipulation causes path traversal. This vulnerability is tracked as CVE-2018-25365. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in Globalscape CuteFTP 5.0.4. This affects an unknown part. Performing a manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2018-25366. The attack must be initiated from a local position. Furthermore, there is an exploit available.

A vulnerability has been found in NordVPN up to 6.14.31 and classified as problematic. This issue affects some unknown processing. The manipulation of the argument Password leads to uncontrolled memory allocation. This vulnerability is documented as CVE-2018-25368. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Admidio 3.3.5. It has been declared as problematic. The impacted element is an unknown function of the file roles_function.php. Such manipulation of the argument rol_assign_roles/rol_approve_users/rol_edit_user leads to cross-site request forgery. This vulnerability is traded as CVE-2018-25370. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in NASA openVSP 3.16.1. This issue affects some unknown processing. Performing a manipulation results in buffer overflow. This vulnerability was named CVE-2018-25367. The attack needs to be approached locally. In addition, an exploit is available.

A vulnerability described as critical has been identified in scanwith Visual Ping 0.8.0.0. Impacted is an unknown function. Executing a manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2018-25369. The attack can only be executed locally. Furthermore, there is an exploit available.

A vulnerability was found in Softneta MedDream PACS Server Premium 6.7.1.1 and classified as critical. Impacted is an unknown function of the file userSignup.php of the component POST Handler. The manipulation of the argument email results in sql injection. This vulnerability is reported as CVE-2018-25372. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Softneta MedDream PACS Server Premium 6.7.1.1. It has been classified as critical. The affected element is an unknown function of the file nocache.php. This manipulation of the argument path causes path traversal. This vulnerability appears as CVE-2018-25374. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as critical has been found in SocuSoft DVD Photo Slideshow Professional 8.07. This vulnerability affects unknown code. Such manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2018-25373. Local access is required to approach this attack. Moreover, an exploit is present.

A vulnerability classified as critical has been found in Moosocial mooSocial Store Plugin 2.6. The affected element is an unknown function. The manipulation of the argument Product leads to sql injection. This vulnerability is referenced as CVE-2018-25371. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in SocuSoft iPod Photo Slideshow 8.05. This affects an unknown function. This manipulation causes stack-based buffer overflow. This vulnerability is tracked as CVE-2018-25375. The attack is restricted to local execution. Moreover, an exploit is present.

A vulnerability, which was classified as critical, was found in SocuSoft 3GP Photo Slideshow 8.05. This impacts an unknown function. Such manipulation leads to buffer overflow. This vulnerability is listed as CVE-2018-25376. The attack must be carried out locally. In addition, an exploit is available.

ChatGPT подсказывал по мелочам, а доказательство всё равно пришлось делать людям.

A solo Russian-speaking threat actor leveraged a jailbroken instance of Google Gemini to run a five-year MAGA-themed influence operation, crack WordPress administrator credentials, and empty at least one victim’s cryptocurrency wallet, all at near-zero cost using stolen API keys. In May 2026, TrendAI™ Research uncovered the full operational infrastructure of a threat actor tracked as […]

The post Russian Hacker Used Jailbroken Gemini to Steal Admin Credentials and Drain Crypto Wallets appeared first on Cyber Security News.

Hackers are actively abusing a flaw in shared Content Delivery Network (CDN) infrastructure to hide malicious traffic behind trusted, high-reputation domains, effectively slipping past the security tools that organizations rely on every day. The technique, now tracked under the name “Underminr,” is not a software bug but a deliberate abuse of how CDNs are designed […]

The post Hackers Abuse Shared CDN Infrastructure to Bypass Domain Reputation Security Controls appeared first on Cyber Security News.

A hacker is selling a 340M-strong OnlyFans-linked dataset built by correlating old breaches and public data, not by hacking OnlyFans directly. A threat actor is adverertising a purported database containing data of 340 million OnlyFans users, but the available evidence points to something less dramatic than a direct breach. According to HackRead, which reported the […]

A vulnerability was found in Ourenergy Collectric CMU 1.0. It has been classified as critical. This impacts the function Login. Performing a manipulation of the argument lang results in sql injection. This vulnerability is reported as CVE-2018-25379. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in SocuSoft Flash Slideshow Maker Professional 5.20. The impacted element is an unknown function. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2018-25377. The attack is only possible with local access. Additionally, an exploit exists.