Aggregator

Submit #639215 / VDB-321920

Submit #639213 / VDB-223217

A vulnerability, which was classified as critical, was found in SourceCodester Online Polling System Code 1.0. This vulnerability affects unknown code of the file /admin/checklogin.php. The manipulation of the argument myusername results in sql injection. This vulnerability was named CVE-2025-9699. The attack may be performed from a remote location. In addition, an exploit is available.

A significant global effort to patch a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has seen the number of exposed systems drop from approximately 28,200 to 12,400 in just one week. Data from The Shadowserver Foundation, a non-profit dedicated to internet security, reveals a rapid response from administrators worldwide, though thousands […]

The post Citrix Netscaler 0-day RCE Vulnerability Patched – Vulnerable Instances Reduced from 28.2K to 12.4K appeared first on Cyber Security News.

Submit #639209 / VDB-206015

Explore the top automated pentesting tools of 2025. Learn how modern platforms detect business logic flaws, deliver true positives, and scale continuous security testing, so security teams can replace manual pentests with faster, more accurate coverage.

The post Top Automated Pentesting Tools (2025) appeared first on Security Boulevard.

Submit #639171 / VDB-321919

Picture this: Your team rolls out some new code, thinking everything's fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions. Scary, right? In 2025, the average data breach hits businesses with a whopping $4.44 million bill globally. And guess what? A big

Loyola College Falls Victim to INTERLOCK Ransomware

Submit #639076 / VDB-179607

A vulnerability, which was classified as problematic, has been found in exiv2 up to 0.28.5. This affects the function jpegBase::readMetadata of the component Image Parser. The manipulation leads to inefficient algorithmic complexity. This vulnerability is uniquely identified as CVE-2025-55304. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. Affected by this issue is some unknown functionality. Executing manipulation of the argument there can lead to incorrect authorization. This vulnerability is handled as CVE-2025-54877. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Related Posts Lite Plugin up to 1.12 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. Performing manipulation results in cross-site request forgery. This vulnerability is known as CVE-2025-9618. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as problematic has been identified in exiv2 up to 0.28.5. Affected is an unknown function of the component Image Parser. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-54080. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

Salt Typhoon собирает сетевое оборудование по всему миру.

“Het is van groot belang dat Europese landen Oekraïne verenigd en daadkrachtig steunen.” Dat benadrukte minister Ruben Brekelmans vandaag in Kopenhagen. Hier kwamen de defensieministers van de Europese Unie bijeen voor de informele Raad Buitenlandse Zaken Defensie.

NodeBB, a popular open-source forum platform, has been found vulnerable to a critical SQL injection flaw in version 4.3.0.  The flaw, tracked as CVE-2025-50979, resides in the search-categories API endpoint, allowing unauthenticated, remote attackers to inject both boolean-based blind and PostgreSQL error-based payloads.  Successful exploitation could lead to unauthorized data access, information disclosure, or further […]

The post NodeBB Vulnerability Let Attackers Inject Boolean-Based Blind and PostgreSQL Error-Based Payloads appeared first on Cyber Security News.

Valve 宣布，为了遵守法律 UK Online Safety Act(OSA)，从 8 月 29 日起对想要访问成人游戏内容的英国 Steam 用户验证年龄。年龄验证要求只针对英国用户，方法是在 Steam 帐户添加有效信用卡。因为英国居民需要年满 18 周岁才能申请信用卡，发卡机构有义务在发卡前验证申请者的年龄，因此如果一名英国用户拥有有效信用卡，那么他们的年龄肯定超过了 18 岁。UK Online Safety Act 于 2025 年 7 月 25 日生效，Valve 不是唯一一家要求英国用户验证年龄的游戏公司，微软上个月对英国 Xbox 用户推出了年龄验证。

Пока вы работали в Office, хакеры тихо взламывали вашу систему.