Aggregator

A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4927. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in projectworlds Online Lawyer Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /save_lawyer_edit_profile.php. The manipulation leads to sql injection. This vulnerability was named CVE-2025-4928. The attack can be initiated remotely. Furthermore, there is an exploit available. Multiple parameters might be affected.

A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The identification of this vulnerability is CVE-2025-4929. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Red Hat Migration Toolkit for Containers, Multicluster Engine for Kubernetes, OpenShift API for Data Protection, OpenShift Developer Tools and Services, OpenShift Serverless, OpenShift Source-to-Image Builder Image, Advanced Cluster Management for Kubernetes, Ansible Automation Platform , Enterprise Linux, OpenShift Container Platform, OpenShift Container Platform Assisted Installer, OpenShift Dev Spaces, Openshift Sandboxed Containers, OpenShift Virtualization, OpenStack Platform and Quay. Affected by this issue is some unknown functionality of the component Registry Handler. The manipulation leads to improper validation of integrity check value. This vulnerability is handled as CVE-2024-3727. The attack may be launched remotely. There is no exploit available.

Data obtained by Recorded Future News from the U.K.'s National Health Service show that two incidents last year put patients at risk of clinical harm.

复旦-阿里联合团队微服务安全新成果获S&P最佳论文奖

Новый KPI для криптостартапа — сохранить все 10 пальцев.

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 

• CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
• CVE-2025-4428 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
• CVE-2024-11182 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
• CVE-2025-27920 Srimax Output Messenger Directory Traversal Vulnerability
• CVE-2024-27443 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
• CVE-2023-38950 ZKTeco BioTime Path Traversal Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential…

The official site for RVTools has apparently been hacked to serve a compromised installer for the popular utility, a security researcher has warned. It’s difficult to say how long the malicious version has been available for download, but the website has been offline since Friday, and began showing the following notice over the weekend: Screenshot of website notice (Source: Help Net Security) Malicious RVTools installer delivers malware RVTools is a free Windows-based utility that helps … More →

The post Malicious RVTools installer found on official site, researcher warns appeared first on Help Net Security.

A large cache of sensitive data about people who applied for legal aid in the U.K. is potentially in the possession of cybercriminals, the government said.

Старые хиты могут стать кормом для алгоритмов без ведома их создателей.

打开图片属性

Их называли ветеранами CPython и TypeScript, а теперь они остались никому не нужны.

关键词安全漏洞GNU C 库(glibc)中新报告的漏洞,是无数 Linux 应用程序的基本组成部分,它详细介

关键词网络攻击在一份新发布的威胁情报报告中,Hunt.io研究人员详细介绍了针对科威特关键部门的积极和复杂的网

关键词Windows微软官方证实，部分Windows 10系统在安装2025年5月安全更新（KB5058379

关键词网络诈骗近期，美国联邦调查局（FBI）发布紧急通告，警示公众警惕一种利用AI技术伪造政府官员声音的新型诈

Continuous Threat Exposure Management (CTEM) has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today’s cybersecurity programs by continuously aligning security efforts with real-world risk. At the heart of CTEM is the integration of Adversarial Exposure Validation (AEV), an advanced, offensive