Submit #625358: phpgurukul Boat Booking System V1.0 SQL Injection [Duplicate]
Submit #625358 / VDB-280946
Aggregator
Submit #625207: phpgurukul Boat Booking System V1.0 SQL Injection [Duplicate]
2 months ago
Submit #625207 / VDB-280945
shiqumeng
CVE-2025-7646 | Plus Addons for Elementor Plugin up to 6.3.10 on WordPress cross site scripting
2 months ago
A vulnerability, which was classified as problematic, has been found in Plus Addons for Elementor Plugin up to 6.3.10 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2025-7646. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-51503 | Microweber CMS 2.0 User Profile cross site scripting (EUVD-2025-23298)
2 months ago
A vulnerability classified as problematic was found in Microweber CMS 2.0. Affected by this vulnerability is an unknown functionality of the component User Profile Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-51503. The attack can be launched remotely. There is no exploit available.
vuldb.com
Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations
2 months ago
Key Findings Introduction Check Point Research (CPR) has been closely monitoring the ongoing exploitation of a group of Microsoft SharePoint Server vulnerabilities collectively referred to as “ToolShell.” These active attacks leverage four vulnerabilities—CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771—and are attributed to multiple China affiliated threat actors. Among the threat groups identified by Microsoft, two are known […]
The post Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations appeared first on Check Point Research.
CVE-2025-51383 | D-Link DI-8200 16.07.26A1 ipsec_road_asp host_ip buffer overflow (EUVD-2025-23296)
2 months ago
A vulnerability classified as critical has been found in D-Link DI-8200 16.07.26A1. Affected is the function ipsec_road_asp. The manipulation of the argument host_ip leads to buffer overflow.
This vulnerability is traded as CVE-2025-51383. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-54832 | OPEXUS FOIAXpress Public Access Link 11.1.0 external control of assumed-immutable web parameter (EUVD-2025-23293)
2 months ago
A vulnerability was found in OPEXUS FOIAXpress Public Access Link 11.1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to external control of assumed-immutable web parameter.
The identification of this vulnerability is CVE-2025-54832. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-51385 | D-Link DI-8200 16.07.26A1 yyxz_dlink_asp ID buffer overflow (EUVD-2025-23290)
2 months ago
A vulnerability was found in D-Link DI-8200 16.07.26A1. It has been declared as critical. This vulnerability affects the function yyxz_dlink_asp. The manipulation of the argument ID leads to buffer overflow.
This vulnerability was named CVE-2025-51385. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-51384 | D-Link DI-8200 16.07.26A1 ipsec_net_asp remot_ip buffer overflow (EUVD-2025-23294)
2 months ago
A vulnerability was found in D-Link DI-8200 16.07.26A1. It has been classified as critical. This affects the function ipsec_net_asp. The manipulation of the argument remot_ip leads to buffer overflow.
This vulnerability is uniquely identified as CVE-2025-51384. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-54834 | OPEXUS FOIAXpress Public Access Link 11.1.0 /App/CreateRequest.aspx observable response discrepancy (EUVD-2025-23292)
2 months ago
A vulnerability was found in OPEXUS FOIAXpress Public Access Link 11.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /App/CreateRequest.aspx. The manipulation leads to observable response discrepancy.
This vulnerability is handled as CVE-2025-54834. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-54833 | OPEXUS FOIAXpress Public Access Link 11.1.0 CAPTCHA excessive authentication (EUVD-2025-23291)
2 months ago
A vulnerability has been found in OPEXUS FOIAXpress Public Access Link 11.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component CAPTCHA Handler. The manipulation leads to improper restriction of excessive authentication attempts.
This vulnerability is known as CVE-2025-54833. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Everest
2 months ago
You must login to view this content
cohenido
CVE-2025-8426 | Marvell QConvergeConsole 5.5.0.78 compressConfigFiles path traversal (ZDI-25-733 / EUVD-2025-23297)
2 months ago
A vulnerability, which was classified as critical, was found in Marvell QConvergeConsole 5.5.0.78. Affected is the function compressConfigFiles. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2025-8426. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
Everest
2 months ago
You must login to view this content
cohenido
Threat Actors Use Malicious RMM Tools for Stealthy Initial Access to Organizations
2 months ago
A small increase in targeted cyberattacks that make use of Remote Monitoring and Management (RMM) capabilities that are embedded in PDF documents has been seen by WithSecure. These campaigns primarily focus on organizations in France and Luxembourg, employing socially engineered emails to deliver innocuous PDFs containing hyperlinks to legitimate RMM installers. This method effectively circumvents […]
The post Threat Actors Use Malicious RMM Tools for Stealthy Initial Access to Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
НАСА: «Найдём инопланетян или умрём, пытаясь». Угадайте, что происходит
2 months ago
Учёные публикуют план, от которого зависит миссия десятилетия.
Microsoft to disable Excel workbook links to blocked file types
2 months ago
Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. [...]
Sergiu Gatlan
Beyond Code: Why Your Next Full Stack Hire Should Think Like a Product Owner
2 months ago
Hiring a full stack dev who doesn’t think like a product owner is like putting a sniper rifle in the hands of someone who doesn’t...Read More
The post Beyond Code: Why Your Next Full Stack Hire Should Think Like a Product Owner appeared first on ISHIR | Software Development India.
The post Beyond Code: Why Your Next Full Stack Hire Should Think Like a Product Owner appeared first on Security Boulevard.
Umesh Chandra
SUSE Linux security advisory (AV25-474)
2 months ago
Canadian Centre for Cyber Security
Anubis Ransomware Targets Android and Windows Users to Encrypt Files and Steal Credentials
2 months ago
Ransomware activity has skyrocketed in the ever-evolving cyber threat landscape, with Bitsight’s State of the Underground 2025 study indicating a 53% increase in ransomware group-operated leak sites and a roughly 25% increase in unique victims reported on leak sites throughout 2024. Amid this escalation, the Anubis ransomware variant has emerged as a formidable player, first […]
The post Anubis Ransomware Targets Android and Windows Users to Encrypt Files and Steal Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra