Aggregator

CVE-2025-36133 | IBM App Connect Enterprise Certified Container up to 11.6.0/12.0.14/12.14.0 Installation log file (EUVD-2025-26340 / WID-SEC-2025-1939)

VulDB Recent Entries
1 month ago
A vulnerability classified as problematic was found in IBM App Connect Enterprise Certified Container up to 11.6.0/12.0.14/12.14.0. Affected is an unknown function of the component Installation Handler. Such manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-36133. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is advised.
vuldb.com

Hackers Threaten Google Following Data Exposure

Security Boulevard
1 month ago

A recent breach involving a third-party Salesforce system used by Google has sparked an unusual escalation. Although no Gmail inboxes, passwords, or internal Google systems were accessed, attackers gained entry to a sales database that included names, phone numbers, email addresses, and internal notes related to small business clients. This type of data is often […]

The post Hackers Threaten Google Following Data Exposure appeared first on Centraleyes.

The post Hackers Threaten Google Following Data Exposure appeared first on Security Boulevard.

Rebecca Kappel

Phishing Campaign Exploits Ads to Breach Hotel Property Management Systems

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month ago

A sophisticated malvertising campaign has emerged that specifically targets hoteliers and vacation rental operators by impersonating well-known service providers. Okta Threat Intelligence reports that attackers have used malicious search engine advertisements—particularly sponsored ads on Google Search—to lure unsuspecting hospitality professionals to counterfeit login portals. The ultimate goal: harvesting credentials for cloud-based property management and guest […]

The post Phishing Campaign Exploits Ads to Breach Hotel Property Management Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

The Hackers News
1 month ago
As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of security incidents now originate from web applications accessed via Chrome, Edge, Firefox, and other browsers. One particularly fast-evolving adversary, Scattered Spider, has made it their mission to wreak havoc on enterprises by specifically targeting
The Hacker News

1st September – Threat Intelligence Report

Check Point Research
1 month ago

For the latest discoveries in cyber research for the week of 1st September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American consumer credit reporting agency TransUnion has suffered a data breach that resulted in the exposure of sensitive personal information for over 4.4 million individuals in the United States. The leaked data […]

The post 1st September – Threat Intelligence Report appeared first on Check Point Research.

[email protected]

CVE-2025-9797 | mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0 Edit Product Page /admin/product/edit/ injection (Issue 288 / EUVD-2025-26362)

VulDB Recent Entries
1 month ago
A vulnerability classified as problematic has been found in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. This vulnerability is handled as CVE-2025-9797. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
vuldb.com

CVE-2025-9796 | thinkgem JeeSite up to 5.12.1 EncodeUtils.java decodeUrl2 cross site scripting (Issue 33 / EUVD-2025-26363)

VulDB Recent Entries
1 month ago
A vulnerability described as problematic has been identified in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-9796. It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-9795 | xujeff tianti 天梯 up to 2.3 UploadController.java ajaxUploadFile upfile unrestricted upload (Issue 43 / EUVD-2025-26359)

VulDB Recent Entries
1 month ago
A vulnerability marked as critical has been reported in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. This vulnerability is traded as CVE-2025-9795. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-9794 | Campcodes Computer Sales and Inventory System 1.0 pos_transac.php?action=add cash/firstname sql injection (EUVD-2025-26360)

VulDB Recent Entries
1 month ago
A vulnerability labeled as critical has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. This vulnerability appears as CVE-2025-9794. The attack may be performed from remote. In addition, an exploit is available. Other parameters might be affected as well.
vuldb.com

Managed ad