Aggregator

A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The identification of this vulnerability is CVE-2025-8433. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #625537 / VDB-307485

Submit #625534 / VDB-318462

Submit #625532 / VDB-318461

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. This vulnerability was named CVE-2025-8431. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #625528 / VDB-310350

We ran an experiment using Morris et. al’s Vec2Text model, to demonstrate the privacy risk of text embeddings with sensitive data. As we’ll show, a large percentage of sensitive data can be recovered from just their text embeddings, posing a significant privacy risk and demonstrating the need to use a tool like Tonic Textual to protect your data before using it to build generative AI systems.

The post Sensitive data in text embeddings is recoverable appeared first on Security Boulevard.

Submit #625529 / VDB-251377

Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple's new containerization framework. [...]

Submit #625492 / VDB-280942

Submit #625262 / VDB-318460

A vulnerability, which was classified as critical, was found in Güralp FMUS Series Seismic Monitoring Device. This affects an unknown part of the component Telnet-based Command Line Interface. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-8286. It is possible to initiate the attack remotely. There is no exploit available.

Submit #625358 / VDB-280946

Submit #625207 / VDB-280945

A vulnerability, which was classified as problematic, has been found in Plus Addons for Elementor Plugin up to 6.3.10 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-7646. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Microweber CMS 2.0. Affected by this vulnerability is an unknown functionality of the component User Profile Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-51503. The attack can be launched remotely. There is no exploit available.

Key Findings Introduction Check Point Research (CPR) has been closely monitoring the ongoing exploitation of a group of Microsoft SharePoint Server vulnerabilities collectively referred to as “ToolShell.” These active attacks leverage four vulnerabilities—CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771—and are attributed to multiple China affiliated threat actors. Among the threat groups identified by Microsoft, two are known […]

The post Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations appeared first on Check Point Research.

A vulnerability classified as critical has been found in D-Link DI-8200 16.07.26A1. Affected is the function ipsec_road_asp. The manipulation of the argument host_ip leads to buffer overflow. This vulnerability is traded as CVE-2025-51383. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in OPEXUS FOIAXpress Public Access Link 11.1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to external control of assumed-immutable web parameter. The identification of this vulnerability is CVE-2025-54832. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DI-8200 16.07.26A1. It has been declared as critical. This vulnerability affects the function yyxz_dlink_asp. The manipulation of the argument ID leads to buffer overflow. This vulnerability was named CVE-2025-51385. The attack can be initiated remotely. There is no exploit available.