Aggregator

A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemall_express_freight_min leads to business logic errors. This vulnerability is known as CVE-2025-8991. The attack can be launched remotely. Furthermore, there is an exploit available.

A sophisticated new threat actor group dubbed “Curly COMrades” has emerged as a significant cybersecurity concern, conducting targeted espionage campaigns against critical organizations in countries experiencing substantial geopolitical shifts. The group has been actively pursuing long-term network access and credential theft operations since mid-2024, with a particular focus on judicial and government bodies in Georgia, […]

The post New ‘Curly COMrades’ APT Hackers Attacking Targeting Critical Organizations in Countries appeared first on Cyber Security News.

Submit #628788 / VDB-319989

A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search leads to sql injection. This vulnerability is traded as CVE-2025-8990. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. The identification of this vulnerability is CVE-2025-8989. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. This vulnerability was named CVE-2025-8988. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. It has been classified as critical. This affects an unknown part of the file /test-details.php. The manipulation of the argument remark leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8987. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. This vulnerability is handled as CVE-2025-8986. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. This vulnerability is known as CVE-2025-8985. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

Submit #628765 / VDB-319988

via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Bad Map Projection: Interrupted Spheres’ appeared first on Security Boulevard.

Submit #628764 / VDB-319987

Submit #628677 / VDB-319986

A vulnerability, which was classified as critical, was found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. The manipulation of the argument expense_name leads to sql injection. This vulnerability is traded as CVE-2025-8984. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expense_for leads to sql injection. The identification of this vulnerability is CVE-2025-8983. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument curr_code leads to sql injection. This vulnerability was named CVE-2025-8982. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of the argument payment_type leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8981. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #628676 / VDB-319985

Submit #628675 / VDB-319984

Submit #628664 / VDB-319983