Aggregator

CVE-2025-53941 | fedify-dev hollo up to 0.6.4 ActivityPub cross site scripting (GHSA-w7gc-g3x7-hq8h / EUVD-2025-21766)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability was found in fedify-dev hollo up to 0.6.4. It has been rated as problematic. This issue affects some unknown processing of the component ActivityPub. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-53941. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53928 | MaxKB up to 1.10.8-lts MCP Call code injection (GHSA-38q2-4mm7-qf5h / EUVD-2025-21771)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability was found in MaxKB up to 1.10.8-lts. It has been declared as critical. This vulnerability affects unknown code of the component MCP Call Handler. The manipulation leads to code injection. This vulnerability was named CVE-2025-53928. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53946 | LabRedesCefetRJ WeGIA up to 3.4.4 profile_paciente.php id_funcionario sql injection (GHSA-532r-mgxv-g7jm)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.4. It has been classified as critical. This affects an unknown part of the file /html/saude/profile_paciente.php. The manipulation of the argument id_funcionario leads to sql injection. This vulnerability is uniquely identified as CVE-2025-53946. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54060 | LabRedesCefetRJ WeGIA up to 3.4.5 dependente_editarInfoPessoal.php idatendido_familiares sql injection (EUVD-2025-21769)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability has been found in LabRedesCefetRJ WeGIA up to 3.4.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /html/funcionario/dependente_editarInfoPessoal.php. The manipulation of the argument idatendido_familiares leads to sql injection. This vulnerability is known as CVE-2025-54060. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54058 | LabRedesCefetRJ WeGIA up to 3.4.5 dependente_editarEndereco.php idatendido_familiares sql injection (EUVD-2025-21770)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.5 and classified as critical. Affected by this issue is some unknown functionality of the file /html/funcionario/dependente_editarEndereco.php. The manipulation of the argument idatendido_familiares leads to sql injection. This vulnerability is handled as CVE-2025-54058. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-7763 | thinkgem JeeSite up to 5.12.0 Site Controller/SSO redirect (28/29 / EUVD-2025-21826)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is an unknown function of the component Site Controller/SSO. The manipulation leads to open redirect. This vulnerability is traded as CVE-2025-7763. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue. Multiple endpoints are affected.
vuldb.com

Massistant: Chinese Mobile Forensic Tool Accesses SMS, Images, Audio, and GPS Data

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
4 months 4 weeks ago

Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated mobile forensics application called Massistant, deployed by Chinese law enforcement to extract comprehensive data from confiscated mobile devices. The tool represents a significant evolution from its predecessor MFSocket, incorporating advanced capabilities to bypass device security measures and collect sensitive information including SMS messages, images, audio […]

The post Massistant: Chinese Mobile Forensic Tool Accesses SMS, Images, Audio, and GPS Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-7762 | D-Link DI-8100 16.07.26A1 HTTP Request /menu_nat_more.asp stack-based overflow (EUVD-2025-21829)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-7762. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Akira

Dark Feed IO
4 months 4 weeks ago

You must login to view this content

cohenido

CVE-2025-51630 | TOTOLINK N350RT 9.3.5u.6139_B20201216 setIpPortFilterRules ePort buffer overflow (EUVD-2025-21773)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability classified as critical was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This vulnerability affects the function setIpPortFilterRules. The manipulation of the argument ePort leads to buffer overflow. This vulnerability was named CVE-2025-51630. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-40924 | HAARG Catalyst::Plugin::Session up to 0.43 on Perl rand generation of predictable numbers or identifiers (EUVD-2025-21775)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability classified as problematic has been found in HAARG Catalyst::Plugin::Session up to 0.43 on Perl. This affects the function rand. The manipulation leads to generation of predictable numbers or identifiers. This vulnerability is uniquely identified as CVE-2025-40924. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53909 | mailcow-dockerized 2024-07 special elements used in a template engine (EUVD-2025-21774)

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability was found in mailcow-dockerized 2024-07. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is handled as CVE-2025-53909. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms

Cyber Security News
4 months 4 weeks ago

An Armenian national has been extradited from Ukraine to the United States to face federal charges for his alleged involvement in a series of Ryuk ransomware attacks and an extortion conspiracy that targeted U.S. companies, including a technology firm in Oregon. Karen Serobovich Vardanyan, 33, was extradited to the U.S. on June 18, 2025, and […]

The post Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms appeared first on Cyber Security News.

Guru Baran

Managed ad