Aggregator

CVE-2025-10388 | Selleo Mentingo 2025.08.27 Create New Course Basic Settings enroll-course Description cross site scripting (EUVD-2025-29108 / CNNVD-202509-1868)

5 months ago

A vulnerability, which was classified as problematic, was found in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-10388. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-10387 | codesiddhant Jasmin Ransomware up to 1.0.1 /handshake.php sql injection (EUVD-2025-29106 / CNNVD-202509-1869)

Vuldb Updates

5 months ago

A vulnerability, which was classified as critical, has been found in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. This vulnerability is handled as CVE-2025-10387. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-10386 | Yida ECMS Consulting Enterprise Management System 1.0 POST Request /login.do requestUrl cross site scripting (EUVD-2025-29105 / CNNVD-202509-1871)

Vuldb Updates

5 months ago

A vulnerability classified as problematic was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. This vulnerability is known as CVE-2025-10386. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-10385 | Mercury KM08-708H GiGA WiFi Wave2 1.1 /goform/mcr_setSysAdm sub_450B2C ChgUserId buffer overflow (EUVD-2025-29104 / CNNVD-202509-1872)

Vuldb Updates

5 months ago

A vulnerability classified as critical has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. This vulnerability is traded as CVE-2025-10385. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

vuldb.com

Integrating MDR with Existing Cybersecurity Infrastructure

Sygnia

5 months ago

Discover how MDR integration strengthens your cybersecurity by seamlessly aligning with existing infrastructure. Enhance detection, response, and resilience.

The post Integrating MDR with Existing Cybersecurity Infrastructure appeared first on Sygnia.

Sygnia