Aggregator

CVE-2025-9021 | SourceCodester Online Bank Management System up to 1.0 /bank/transfer.php email sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability has been found in SourceCodester Online Bank Management System up to 1.0 and classified as critical. The impacted element is an unknown function of the file /bank/transfer.php. Performing manipulation of the argument email results in sql injection. This vulnerability is known as CVE-2025-9021. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2025-9022 | SourceCodester Online Bank Management System up to 1.0 /bank/statements.php email sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in SourceCodester Online Bank Management System up to 1.0 and classified as critical. This affects an unknown function of the file /bank/statements.php. Executing manipulation of the argument email can lead to sql injection. This vulnerability is handled as CVE-2025-9022. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

The Hackers News
1 month 1 week ago
Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 (CVSS score: 6.9) - A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user
The Hacker News

Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection

Security Affairs
1 month 1 week ago
Hackers exploit Apache ActiveMQ flaw to install DripDropper on Linux, then patch it to block rivals and hide their tracks. Red Canary researchers observed attackers exploit a 2-year-old Apache ActiveMQ vulnerability, tracked as CVE-2023-46604 (CVSS score of 10.0), to gain persistence on cloud Linux systems and deploy DripDropper malware. Uniquely, they patch the flaw post-exploit […]
Pierluigi Paganini

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

The Hackers News
1 month 1 week ago
Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which is then
The Hacker News

Threat Actors Abuse Internet Archive to Host Stealthy JScript Loader

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month 1 week ago

An Malicious actors are using reliable internet resources, such as the Internet Archive, more frequently to disseminate clandestine malware components in a worrying increase in cyberthreats. This tactic exploits the inherent trustworthiness of such platforms, allowing attackers to bypass traditional security filters and deliver payloads under the guise of legitimate content. The latest incident highlights […]

The post Threat Actors Abuse Internet Archive to Host Stealthy JScript Loader appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2023-38533 | Siemens TIA Administrator up to 3 SP1 on Windows temp file (ssa-319319 / 3 SP2)

Vuldb Updates
1 month 1 week ago
A vulnerability identified as problematic has been detected in Siemens TIA Administrator up to 3 SP1 on Windows. This affects an unknown function. This manipulation causes creation of temporary file in directory with insecure permissions. This vulnerability appears as CVE-2023-38533. The attack requires local access. There is no available exploit. It is suggested to install a patch to address this issue.
vuldb.com

CVE-2024-38371 | goauthentik prior 2024.2.4/2024.4.3/2024.6.0 access control (GHSA-jq3m-37m7-gp45)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in goauthentik authentik and classified as critical. The impacted element is an unknown function. Executing manipulation can lead to improper access controls. This vulnerability is registered as CVE-2024-38371. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-9088 | Tenda AC20 16.03.08.12 formSetVirtualSer save_virtualser_data list stack-based overflow

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Tenda AC20 16.03.08.12. It has been rated as critical. This affects the function save_virtualser_data of the file /goform/formSetVirtualSer. Performing manipulation of the argument list results in stack-based buffer overflow. This vulnerability is known as CVE-2025-9088. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2025-55587 | TOTOLINK A3002R 4.0.0-B20230531.1404 /boafrm/formMapDelDevice Hostname buffer overflow

Vuldb Updates
1 month 1 week ago
A vulnerability has been found in TOTOLINK A3002R 4.0.0-B20230531.1404 and classified as critical. The affected element is an unknown function of the file /boafrm/formMapDelDevice. This manipulation of the argument Hostname causes buffer overflow. This vulnerability is handled as CVE-2025-55587. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2025-55589 | TOTOLINK A3002R 4.0.0-B20230531.1404 /boafrm/formMapDelDevice clientoff os command injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been rated as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice. The manipulation of the argument clientoff leads to os command injection. This vulnerability is referenced as CVE-2025-55589. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

Managed ad