Aggregator

CVE-2025-0842 | needyamin Library Card System 1.0 Login admin.php email/password sql injection

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The identification of this vulnerability is CVE-2025-0842. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-24680 | WpMultiStoreLocator WP Multi Store Locator Plugin up to 2.4.7 on WordPress cross site scripting

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in WpMultiStoreLocator WP Multi Store Locator Plugin up to 2.4.7 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. This vulnerability is handled as CVE-2025-24680. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-0880 | Codezips Gym Management System 1.0 updateplan.php planid sql injection

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection. The identification of this vulnerability is CVE-2025-0880. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-0721 | needyamin image_gallery 1.0 /view.php username cross site scripting

Vuldb Updates
9 months 2 weeks ago
A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-0721. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-0722 | needyamin image_gallery 1.0 Cover Image /admin/gallery.php image unrestricted upload

Vuldb Updates
9 months 2 weeks ago
A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload. This vulnerability was named CVE-2025-0722. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-0536 | 1000 Projects Attendance Tracking Management System 1.0 /admin/edit_action.php attendance_id sql injection

Vuldb Updates
9 months 2 weeks ago
A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection. This vulnerability was named CVE-2025-0536. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-0541 | Codezips Gym Management System 1.0 edit_member.php name sql injection

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injection. The identification of this vulnerability is CVE-2025-0541. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

The compliance illusion: Why your company might be at risk despite passing audits

Help Net Security
9 months 2 weeks ago

For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they don’t automatically equate to strong cybersecurity. The challenge? Many organizations focus on checking the compliance box rather than ensuring their controls are effective. The problem isn’t compliance itself, it’s the mindset. Too often, security teams scramble to pass an audit, only to return to business … More →

The post The compliance illusion: Why your company might be at risk despite passing audits appeared first on Help Net Security.

Mirko Zorz

Job Application Spear Phishing

Security Boulevard
9 months 2 weeks ago

Starting in Q3 2024, Cofense Intelligence detected an ongoing campaign targeting employees working in social media and marketing positions. In this campaign, marked employees were encouraged to apply to a social media manager position in a Fortune 500 company. Meta, Coca-Cola, PayPal, and other brand name companies were spoofed to send fake job applications to prospects.

The post Job Application Spear Phishing appeared first on Security Boulevard.

Cofense Website

CVE-2006-1516 | Sun MySQL up to 5.0.20 Authentication memory corruption (EDB-1742 / Nessus ID 17697)

Vuldb Updates
9 months 2 weeks ago
A vulnerability classified as problematic was found in Sun MySQL up to 5.0.20. Affected by this vulnerability is an unknown functionality of the component Authentication. The manipulation leads to memory corruption. This vulnerability is known as CVE-2006-1516. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

丹麦将禁止初中小学生在学校以及课外俱乐部使用手机

Solidot
9 months 2 weeks ago
丹麦政府改变了早先的立场,将修改立法,禁止初中和小学生使用手机,这意味着几乎所有从 7 岁到 16-17 岁的儿童被禁止携带手机进入学校。丹麦首相 Mette Frederiksen 在 2023 年组建了一个专门的委员会去调查青少年中间日益增长的不满情绪,委员会本周二发表了报告,对儿童和青少年生活中的数字化发出了警告,呼吁平衡数字生活和现实生活。委员会提出的一项建议就是禁止初中和小学生在学校以及课外俱乐部使用手机。儿童和教育部长 Mattias Tesfaye 称,有必要重新将学校定义为一个教育场所,留有反思的空间,而不是青少年卧室的延伸。对于手机禁令,特殊教育儿童可以例外。

Managed ad