Aggregator

A vulnerability classified as very critical was found in Oracle WebCenter Portal 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0. Affected by this vulnerability is an unknown functionality of the component XStream. The manipulation leads to code injection. This vulnerability is known as CVE-2021-21345. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Retail Xstore Point of Service 16.0.6/17.0.4/18.0.3/19.0.2 and classified as very critical. This vulnerability affects unknown code of the component XStream. The manipulation leads to deserialization. This vulnerability was named CVE-2021-21345. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Oracle Communications Policy Management 12.5.0. Affected is an unknown function of the component XStream. The manipulation leads to code injection. This vulnerability is traded as CVE-2021-21345. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Banking Virtual Account Management 14.2/14.3/14.5 and classified as very critical. Affected by this vulnerability is an unknown functionality of the component XStream. The manipulation leads to code injection. This vulnerability is known as CVE-2021-21345. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHPGurukul Student Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /studentrecordms/login.php. The manipulation of the argument username/password leads to sql injection. This vulnerability is handled as CVE-2024-51102. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. This vulnerability is known as CVE-2025-5129. Local access is required to approach this attack. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #571803 / VDB-301951

Компания договорилась с тремя университетами о совместных проектах.

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. This vulnerability is traded as CVE-2025-5128. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in libwebp 0.5.1. Affected is an unknown function of the component libwebpmux. The manipulation leads to double free. This vulnerability is traded as CVE-2016-9969. It is possible to launch the attack remotely. There is no exploit available.

Submit #571267 / VDB-310207

Submit #570957 / VDB-310206

A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation of the argument cmd leads to cross site scripting. The identification of this vulnerability is CVE-2025-5127. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection. This vulnerability was named CVE-2025-5126. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

This week’s threat landscape reveals a notable escalation in the tactics and precision of cyber attackers. Threat actors are actively […]

The post Weekly Threat Landscape Digest – Week 21 appeared first on HawkEye.

Submit #572265 / VDB-310205

Submit #572266 / VDB-310204

Submit #572275 / VDB-310204

Submit #572277 / VDB-310204

Submit #570725 / VDB-310204