Aggregator

CVE-2025-9504 | Campcodes Online Loan Management System 1.0 ajax.php?action=save_plan ID sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Campcodes Online Loan Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-9504. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2025-9505 | Campcodes Online Loan Management System 1.0 ajax.php?action=save_loan_type ID sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Campcodes Online Loan Management System 1.0. It has been classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_loan_type. This manipulation of the argument ID causes sql injection. This vulnerability is tracked as CVE-2025-9505. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-9506 | Campcodes Online Loan Management System 1.0 ajax.php?action=delete_plan ID sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Campcodes Online Loan Management System 1.0. It has been declared as critical. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2025-9506. The attack may be performed from a remote location. In addition, an exploit is available.
vuldb.com

CVE-2025-9511 | itsourcecode Apartment Management System 1.0 /visitor/addvisitor.php ID sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in itsourcecode Apartment Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-9511. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2025-9509 | itsourcecode Apartment Management System 1.0 fair_info_all.php fid sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been classified as critical. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of the argument fid results in sql injection. This vulnerability is identified as CVE-2025-9509. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2025-9507 | itsourcecode Apartment Management System 1.0 /report/visitor_info.php vid sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been declared as critical. Impacted is an unknown function of the file /report/visitor_info.php. Executing manipulation of the argument vid can lead to sql injection. This vulnerability is tracked as CVE-2025-9507. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-9510 | itsourcecode Apartment Management System 1.0 /branch/addbranch.php ID sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been rated as critical. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2025-9510. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2025-9508 | itsourcecode Apartment Management System 1.0 /report/rented_info.php rsid sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability categorized as critical has been discovered in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /report/rented_info.php. The manipulation of the argument rsid results in sql injection. This vulnerability is cataloged as CVE-2025-9508. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-9513 | editso fuso up to 1.0.4-beta.7 mod.rs PenetrateRsaAndAesHandshake priv_key inadequate encryption

Vuldb Updates
1 month 1 week ago
A vulnerability identified as problematic has been detected in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. This vulnerability is registered as CVE-2025-9513. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2025-9514 | macrozheng mall up to 1.0.3 Registration weak password (Issue 923)

Vuldb Updates
1 month 1 week ago
A vulnerability labeled as problematic has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. This vulnerability is documented as CVE-2025-9514. The attack can be executed remotely. There is not any exploit available. The vendor deleted the GitHub issue for this vulnerability without and explanation.
vuldb.com

CVE-2025-48081 | Printeers Print & Ship Plugin up to 1.17.0 on WordPress path traversal

Vuldb Updates
1 month 1 week ago
A vulnerability categorized as problematic has been discovered in Printeers Print & Ship Plugin up to 1.17.0 on WordPress. Impacted is an unknown function. The manipulation results in path traversal: '.../...//'. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2025-48081. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems

CISA News
1 month 1 week ago

CISA, along with the National Security Agency, Federal Bureau of Investigation, and international partners, released a joint Cybersecurity Advisory on People’s Republic of China (PRC) state-sponsored Advanced Persistent Threat (APT) actors targeting critical infrastructure across sectors and continents to maintain persistent, long-term access to networks.

This advisory builds on previous reporting and is based on real-world investigations conducted across multiple countries through July 2025. While the activity observed overlaps with industry reporting on the group known as Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807, and GhostEmperor, among others, the advisory refers to them generically as APT actors to focus on the behavior, not the alias. 

These APT actors are exploiting vulnerabilities in the large backbone routers of telecommunications providers—specifically provider edge and customer edge routers that often lack visibility and are difficult to monitor—to gain and maintain persistent access, particularly in telecommunications, government, transportation, lodging, and defense networks. They often modify router firmware and configurations to evade detection and establish long-term footholds.

CISA and authoring partners strongly urge network defenders, particularly those in high-risk sectors, to hunt for malicious activity and implement the mitigations outlined in this advisory. 

For more detailed information, review the full advisory and CISA’s People’s Republic of China Cyber Threat Overview and Advisories web page.

CISA

Managed ad